LCOV - code coverage report
Current view: top level - src/ap - wpa_auth.c (source / functions) Hit Total Coverage
Test: wpa_supplicant/hostapd combined for hwsim test run 1422976643 Lines: 1437 1674 85.8 %
Date: 2015-02-03 Functions: 104 107 97.2 %

          Line data    Source code
       1             : /*
       2             :  * IEEE 802.11 RSN / WPA Authenticator
       3             :  * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
       4             :  *
       5             :  * This software may be distributed under the terms of the BSD license.
       6             :  * See README for more details.
       7             :  */
       8             : 
       9             : #include "utils/includes.h"
      10             : 
      11             : #include "utils/common.h"
      12             : #include "utils/eloop.h"
      13             : #include "utils/state_machine.h"
      14             : #include "utils/bitfield.h"
      15             : #include "common/ieee802_11_defs.h"
      16             : #include "crypto/aes_wrap.h"
      17             : #include "crypto/crypto.h"
      18             : #include "crypto/sha1.h"
      19             : #include "crypto/sha256.h"
      20             : #include "crypto/random.h"
      21             : #include "eapol_auth/eapol_auth_sm.h"
      22             : #include "ap_config.h"
      23             : #include "ieee802_11.h"
      24             : #include "wpa_auth.h"
      25             : #include "pmksa_cache_auth.h"
      26             : #include "wpa_auth_i.h"
      27             : #include "wpa_auth_ie.h"
      28             : 
      29             : #define STATE_MACHINE_DATA struct wpa_state_machine
      30             : #define STATE_MACHINE_DEBUG_PREFIX "WPA"
      31             : #define STATE_MACHINE_ADDR sm->addr
      32             : 
      33             : 
      34             : static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
      35             : static int wpa_sm_step(struct wpa_state_machine *sm);
      36             : static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
      37             :                               size_t data_len);
      38             : static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
      39             : static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
      40             :                               struct wpa_group *group);
      41             : static void wpa_request_new_ptk(struct wpa_state_machine *sm);
      42             : static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
      43             :                           struct wpa_group *group);
      44             : static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
      45             :                                        struct wpa_group *group);
      46             : static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
      47             :                           const u8 *pmk, struct wpa_ptk *ptk);
      48             : 
      49             : static const u32 dot11RSNAConfigGroupUpdateCount = 4;
      50             : static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
      51             : static const u32 eapol_key_timeout_first = 100; /* ms */
      52             : static const u32 eapol_key_timeout_subseq = 1000; /* ms */
      53             : static const u32 eapol_key_timeout_first_group = 500; /* ms */
      54             : 
      55             : /* TODO: make these configurable */
      56             : static const int dot11RSNAConfigPMKLifetime = 43200;
      57             : static const int dot11RSNAConfigPMKReauthThreshold = 70;
      58             : static const int dot11RSNAConfigSATimeout = 60;
      59             : 
      60             : 
      61           4 : static inline int wpa_auth_mic_failure_report(
      62             :         struct wpa_authenticator *wpa_auth, const u8 *addr)
      63             : {
      64           4 :         if (wpa_auth->cb.mic_failure_report)
      65           4 :                 return wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
      66           0 :         return 0;
      67             : }
      68             : 
      69             : 
      70       18209 : static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
      71             :                                       const u8 *addr, wpa_eapol_variable var,
      72             :                                       int value)
      73             : {
      74       18209 :         if (wpa_auth->cb.set_eapol)
      75       18209 :                 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
      76       18209 : }
      77             : 
      78             : 
      79       13198 : static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
      80             :                                      const u8 *addr, wpa_eapol_variable var)
      81             : {
      82       13198 :         if (wpa_auth->cb.get_eapol == NULL)
      83           0 :                 return -1;
      84       13198 :         return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
      85             : }
      86             : 
      87             : 
      88        2054 : static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
      89             :                                           const u8 *addr,
      90             :                                           const u8 *p2p_dev_addr,
      91             :                                           const u8 *prev_psk)
      92             : {
      93        2054 :         if (wpa_auth->cb.get_psk == NULL)
      94           0 :                 return NULL;
      95        2054 :         return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, p2p_dev_addr,
      96             :                                     prev_psk);
      97             : }
      98             : 
      99             : 
     100         615 : static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
     101             :                                    const u8 *addr, u8 *msk, size_t *len)
     102             : {
     103         615 :         if (wpa_auth->cb.get_msk == NULL)
     104           0 :                 return -1;
     105         615 :         return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
     106             : }
     107             : 
     108             : 
     109       12495 : static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
     110             :                                    int vlan_id,
     111             :                                    enum wpa_alg alg, const u8 *addr, int idx,
     112             :                                    u8 *key, size_t key_len)
     113             : {
     114       12495 :         if (wpa_auth->cb.set_key == NULL)
     115           0 :                 return -1;
     116       12495 :         return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
     117             :                                     key, key_len);
     118             : }
     119             : 
     120             : 
     121        1373 : static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
     122             :                                       const u8 *addr, int idx, u8 *seq)
     123             : {
     124        1373 :         if (wpa_auth->cb.get_seqnum == NULL)
     125          10 :                 return -1;
     126        1363 :         return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
     127             : }
     128             : 
     129             : 
     130             : static inline int
     131        2681 : wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
     132             :                     const u8 *data, size_t data_len, int encrypt)
     133             : {
     134        2681 :         if (wpa_auth->cb.send_eapol == NULL)
     135           0 :                 return -1;
     136        2681 :         return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
     137             :                                        encrypt);
     138             : }
     139             : 
     140             : 
     141             : #ifdef CONFIG_MESH
     142          11 : static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth,
     143             :                                       const u8 *addr)
     144             : {
     145          11 :         if (wpa_auth->cb.start_ampe == NULL)
     146           5 :                 return -1;
     147           6 :         return wpa_auth->cb.start_ampe(wpa_auth->cb.ctx, addr);
     148             : }
     149             : #endif /* CONFIG_MESH */
     150             : 
     151             : 
     152         323 : int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
     153             :                           int (*cb)(struct wpa_state_machine *sm, void *ctx),
     154             :                           void *cb_ctx)
     155             : {
     156         323 :         if (wpa_auth->cb.for_each_sta == NULL)
     157           0 :                 return 0;
     158         323 :         return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
     159             : }
     160             : 
     161             : 
     162           6 : int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
     163             :                            int (*cb)(struct wpa_authenticator *a, void *ctx),
     164             :                            void *cb_ctx)
     165             : {
     166           6 :         if (wpa_auth->cb.for_each_auth == NULL)
     167           0 :                 return 0;
     168           6 :         return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
     169             : }
     170             : 
     171             : 
     172       12096 : void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
     173             :                      logger_level level, const char *txt)
     174             : {
     175       12096 :         if (wpa_auth->cb.logger == NULL)
     176       12096 :                 return;
     177       12096 :         wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
     178             : }
     179             : 
     180             : 
     181        7540 : void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
     182             :                       logger_level level, const char *fmt, ...)
     183             : {
     184             :         char *format;
     185             :         int maxlen;
     186             :         va_list ap;
     187             : 
     188        7540 :         if (wpa_auth->cb.logger == NULL)
     189           4 :                 return;
     190             : 
     191        7540 :         maxlen = os_strlen(fmt) + 100;
     192        7540 :         format = os_malloc(maxlen);
     193        7540 :         if (!format)
     194           4 :                 return;
     195             : 
     196        7536 :         va_start(ap, fmt);
     197        7536 :         vsnprintf(format, maxlen, fmt, ap);
     198        7536 :         va_end(ap);
     199             : 
     200        7536 :         wpa_auth_logger(wpa_auth, addr, level, format);
     201             : 
     202        7536 :         os_free(format);
     203             : }
     204             : 
     205             : 
     206          17 : static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
     207             :                                const u8 *addr)
     208             : {
     209          17 :         if (wpa_auth->cb.disconnect == NULL)
     210          17 :                 return;
     211          17 :         wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr));
     212          17 :         wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
     213             :                                 WLAN_REASON_PREV_AUTH_NOT_VALID);
     214             : }
     215             : 
     216             : 
     217        7846 : static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
     218             : {
     219        7846 :         int ret = 0;
     220             : #ifdef CONFIG_IEEE80211R
     221        7846 :         if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
     222         152 :                 ret = 1;
     223             : #endif /* CONFIG_IEEE80211R */
     224             : #ifdef CONFIG_IEEE80211W
     225        7846 :         if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
     226         182 :                 ret = 1;
     227             : #endif /* CONFIG_IEEE80211W */
     228        7846 :         if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN)
     229           8 :                 ret = 1;
     230        7846 :         return ret;
     231             : }
     232             : 
     233             : 
     234           1 : static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
     235             : {
     236           1 :         struct wpa_authenticator *wpa_auth = eloop_ctx;
     237             : 
     238           1 :         if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
     239           0 :                 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
     240             :                            "initialization.");
     241             :         } else {
     242           1 :                 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
     243           1 :                 wpa_hexdump_key(MSG_DEBUG, "GMK",
     244           1 :                                 wpa_auth->group->GMK, WPA_GMK_LEN);
     245             :         }
     246             : 
     247           1 :         if (wpa_auth->conf.wpa_gmk_rekey) {
     248           1 :                 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
     249             :                                        wpa_rekey_gmk, wpa_auth, NULL);
     250             :         }
     251           1 : }
     252             : 
     253             : 
     254          10 : static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
     255             : {
     256          10 :         struct wpa_authenticator *wpa_auth = eloop_ctx;
     257             :         struct wpa_group *group;
     258             : 
     259          10 :         wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
     260          20 :         for (group = wpa_auth->group; group; group = group->next) {
     261          10 :                 group->GTKReKey = TRUE;
     262             :                 do {
     263          12 :                         group->changed = FALSE;
     264          12 :                         wpa_group_sm_step(wpa_auth, group);
     265          12 :                 } while (group->changed);
     266             :         }
     267             : 
     268          10 :         if (wpa_auth->conf.wpa_group_rekey) {
     269          10 :                 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
     270             :                                        0, wpa_rekey_gtk, wpa_auth, NULL);
     271             :         }
     272          10 : }
     273             : 
     274             : 
     275           3 : static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
     276             : {
     277           3 :         struct wpa_authenticator *wpa_auth = eloop_ctx;
     278           3 :         struct wpa_state_machine *sm = timeout_ctx;
     279             : 
     280           3 :         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
     281           3 :         wpa_request_new_ptk(sm);
     282           3 :         wpa_sm_step(sm);
     283           3 : }
     284             : 
     285             : 
     286         311 : static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
     287             : {
     288         311 :         if (sm->pmksa == ctx)
     289           2 :                 sm->pmksa = NULL;
     290         311 :         return 0;
     291             : }
     292             : 
     293             : 
     294         303 : static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
     295             :                                    void *ctx)
     296             : {
     297         303 :         struct wpa_authenticator *wpa_auth = ctx;
     298         303 :         wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
     299         303 : }
     300             : 
     301             : 
     302        1560 : static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
     303             :                                           struct wpa_group *group)
     304             : {
     305             :         u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)];
     306             :         u8 rkey[32];
     307             :         unsigned long ptr;
     308             : 
     309        1560 :         if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
     310           0 :                 return -1;
     311        1560 :         wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
     312             : 
     313             :         /*
     314             :          * Counter = PRF-256(Random number, "Init Counter",
     315             :          *                   Local MAC Address || Time)
     316             :          */
     317        1560 :         os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
     318        1560 :         wpa_get_ntp_timestamp(buf + ETH_ALEN);
     319        1560 :         ptr = (unsigned long) group;
     320        1560 :         os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr));
     321        1560 :         if (random_get_bytes(rkey, sizeof(rkey)) < 0)
     322           0 :                 return -1;
     323             : 
     324        1560 :         if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
     325        1560 :                      group->Counter, WPA_NONCE_LEN) < 0)
     326           0 :                 return -1;
     327        1560 :         wpa_hexdump_key(MSG_DEBUG, "Key Counter",
     328        1560 :                         group->Counter, WPA_NONCE_LEN);
     329             : 
     330        1560 :         return 0;
     331             : }
     332             : 
     333             : 
     334         885 : static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
     335             :                                          int vlan_id, int delay_init)
     336             : {
     337             :         struct wpa_group *group;
     338             : 
     339         885 :         group = os_zalloc(sizeof(struct wpa_group));
     340         885 :         if (group == NULL)
     341           0 :                 return NULL;
     342             : 
     343         885 :         group->GTKAuthenticator = TRUE;
     344         885 :         group->vlan_id = vlan_id;
     345         885 :         group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
     346             : 
     347             :         if (random_pool_ready() != 1) {
     348             :                 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
     349             :                            "for secure operations - update keys later when "
     350             :                            "the first station connects");
     351             :         }
     352             : 
     353             :         /*
     354             :          * Set initial GMK/Counter value here. The actual values that will be
     355             :          * used in negotiations will be set once the first station tries to
     356             :          * connect. This allows more time for collecting additional randomness
     357             :          * on embedded devices.
     358             :          */
     359         885 :         if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
     360           0 :                 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
     361             :                            "initialization.");
     362           0 :                 os_free(group);
     363           0 :                 return NULL;
     364             :         }
     365             : 
     366         885 :         group->GInit = TRUE;
     367         885 :         if (delay_init) {
     368         877 :                 wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
     369             :                            "until Beacon frames have been configured");
     370             :                 /* Initialization is completed in wpa_init_keys(). */
     371             :         } else {
     372           8 :                 wpa_group_sm_step(wpa_auth, group);
     373           8 :                 group->GInit = FALSE;
     374           8 :                 wpa_group_sm_step(wpa_auth, group);
     375             :         }
     376             : 
     377         885 :         return group;
     378             : }
     379             : 
     380             : 
     381             : /**
     382             :  * wpa_init - Initialize WPA authenticator
     383             :  * @addr: Authenticator address
     384             :  * @conf: Configuration for WPA authenticator
     385             :  * @cb: Callback functions for WPA authenticator
     386             :  * Returns: Pointer to WPA authenticator data or %NULL on failure
     387             :  */
     388         877 : struct wpa_authenticator * wpa_init(const u8 *addr,
     389             :                                     struct wpa_auth_config *conf,
     390             :                                     struct wpa_auth_callbacks *cb)
     391             : {
     392             :         struct wpa_authenticator *wpa_auth;
     393             : 
     394         877 :         wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
     395         877 :         if (wpa_auth == NULL)
     396           0 :                 return NULL;
     397         877 :         os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
     398         877 :         os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
     399         877 :         os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
     400             : 
     401         877 :         if (wpa_auth_gen_wpa_ie(wpa_auth)) {
     402           0 :                 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
     403           0 :                 os_free(wpa_auth);
     404           0 :                 return NULL;
     405             :         }
     406             : 
     407         877 :         wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
     408         877 :         if (wpa_auth->group == NULL) {
     409           0 :                 os_free(wpa_auth->wpa_ie);
     410           0 :                 os_free(wpa_auth);
     411           0 :                 return NULL;
     412             :         }
     413             : 
     414         877 :         wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
     415             :                                                 wpa_auth);
     416         877 :         if (wpa_auth->pmksa == NULL) {
     417           0 :                 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
     418           0 :                 os_free(wpa_auth->group);
     419           0 :                 os_free(wpa_auth->wpa_ie);
     420           0 :                 os_free(wpa_auth);
     421           0 :                 return NULL;
     422             :         }
     423             : 
     424             : #ifdef CONFIG_IEEE80211R
     425         877 :         wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
     426         877 :         if (wpa_auth->ft_pmk_cache == NULL) {
     427           0 :                 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
     428           0 :                 os_free(wpa_auth->group);
     429           0 :                 os_free(wpa_auth->wpa_ie);
     430           0 :                 pmksa_cache_auth_deinit(wpa_auth->pmksa);
     431           0 :                 os_free(wpa_auth);
     432           0 :                 return NULL;
     433             :         }
     434             : #endif /* CONFIG_IEEE80211R */
     435             : 
     436         877 :         if (wpa_auth->conf.wpa_gmk_rekey) {
     437         866 :                 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
     438             :                                        wpa_rekey_gmk, wpa_auth, NULL);
     439             :         }
     440             : 
     441         877 :         if (wpa_auth->conf.wpa_group_rekey) {
     442         877 :                 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
     443             :                                        wpa_rekey_gtk, wpa_auth, NULL);
     444             :         }
     445             : 
     446             : #ifdef CONFIG_P2P
     447         242 :         if (WPA_GET_BE32(conf->ip_addr_start)) {
     448         282 :                 int count = WPA_GET_BE32(conf->ip_addr_end) -
     449         188 :                         WPA_GET_BE32(conf->ip_addr_start) + 1;
     450          94 :                 if (count > 1000)
     451           0 :                         count = 1000;
     452          94 :                 if (count > 0)
     453          94 :                         wpa_auth->ip_pool = bitfield_alloc(count);
     454             :         }
     455             : #endif /* CONFIG_P2P */
     456             : 
     457         877 :         return wpa_auth;
     458             : }
     459             : 
     460             : 
     461         867 : int wpa_init_keys(struct wpa_authenticator *wpa_auth)
     462             : {
     463         867 :         struct wpa_group *group = wpa_auth->group;
     464             : 
     465         867 :         wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
     466             :                    "keys");
     467         867 :         wpa_group_sm_step(wpa_auth, group);
     468         867 :         group->GInit = FALSE;
     469         867 :         wpa_group_sm_step(wpa_auth, group);
     470         867 :         if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
     471           0 :                 return -1;
     472         867 :         return 0;
     473             : }
     474             : 
     475             : 
     476             : /**
     477             :  * wpa_deinit - Deinitialize WPA authenticator
     478             :  * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
     479             :  */
     480         877 : void wpa_deinit(struct wpa_authenticator *wpa_auth)
     481             : {
     482             :         struct wpa_group *group, *prev;
     483             : 
     484         877 :         eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
     485         877 :         eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
     486             : 
     487             : #ifdef CONFIG_PEERKEY
     488        1754 :         while (wpa_auth->stsl_negotiations)
     489           0 :                 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
     490             : #endif /* CONFIG_PEERKEY */
     491             : 
     492         877 :         pmksa_cache_auth_deinit(wpa_auth->pmksa);
     493             : 
     494             : #ifdef CONFIG_IEEE80211R
     495         877 :         wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
     496         877 :         wpa_auth->ft_pmk_cache = NULL;
     497             : #endif /* CONFIG_IEEE80211R */
     498             : 
     499             : #ifdef CONFIG_P2P
     500         242 :         bitfield_free(wpa_auth->ip_pool);
     501             : #endif /* CONFIG_P2P */
     502             : 
     503             : 
     504         877 :         os_free(wpa_auth->wpa_ie);
     505             : 
     506         877 :         group = wpa_auth->group;
     507        2639 :         while (group) {
     508         885 :                 prev = group;
     509         885 :                 group = group->next;
     510         885 :                 os_free(prev);
     511             :         }
     512             : 
     513         877 :         os_free(wpa_auth);
     514         877 : }
     515             : 
     516             : 
     517             : /**
     518             :  * wpa_reconfig - Update WPA authenticator configuration
     519             :  * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
     520             :  * @conf: Configuration for WPA authenticator
     521             :  */
     522           2 : int wpa_reconfig(struct wpa_authenticator *wpa_auth,
     523             :                  struct wpa_auth_config *conf)
     524             : {
     525             :         struct wpa_group *group;
     526           2 :         if (wpa_auth == NULL)
     527           0 :                 return 0;
     528             : 
     529           2 :         os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
     530           2 :         if (wpa_auth_gen_wpa_ie(wpa_auth)) {
     531           0 :                 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
     532           0 :                 return -1;
     533             :         }
     534             : 
     535             :         /*
     536             :          * Reinitialize GTK to make sure it is suitable for the new
     537             :          * configuration.
     538             :          */
     539           2 :         group = wpa_auth->group;
     540           2 :         group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
     541           2 :         group->GInit = TRUE;
     542           2 :         wpa_group_sm_step(wpa_auth, group);
     543           2 :         group->GInit = FALSE;
     544           2 :         wpa_group_sm_step(wpa_auth, group);
     545             : 
     546           2 :         return 0;
     547             : }
     548             : 
     549             : 
     550             : struct wpa_state_machine *
     551        1596 : wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
     552             :                   const u8 *p2p_dev_addr)
     553             : {
     554             :         struct wpa_state_machine *sm;
     555             : 
     556        1596 :         if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
     557           0 :                 return NULL;
     558             : 
     559        1596 :         sm = os_zalloc(sizeof(struct wpa_state_machine));
     560        1596 :         if (sm == NULL)
     561           0 :                 return NULL;
     562        1596 :         os_memcpy(sm->addr, addr, ETH_ALEN);
     563        1596 :         if (p2p_dev_addr)
     564         184 :                 os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
     565             : 
     566        1596 :         sm->wpa_auth = wpa_auth;
     567        1596 :         sm->group = wpa_auth->group;
     568             : 
     569        1596 :         return sm;
     570             : }
     571             : 
     572             : 
     573        2468 : int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
     574             :                             struct wpa_state_machine *sm)
     575             : {
     576        2468 :         if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
     577         607 :                 return -1;
     578             : 
     579             : #ifdef CONFIG_IEEE80211R
     580        1861 :         if (sm->ft_completed) {
     581         221 :                 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
     582             :                                 "FT authentication already completed - do not "
     583             :                                 "start 4-way handshake");
     584             :                 /* Go to PTKINITDONE state to allow GTK rekeying */
     585         221 :                 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
     586         221 :                 return 0;
     587             :         }
     588             : #endif /* CONFIG_IEEE80211R */
     589             : 
     590        1640 :         if (sm->started) {
     591          72 :                 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
     592          72 :                 sm->ReAuthenticationRequest = TRUE;
     593          72 :                 return wpa_sm_step(sm);
     594             :         }
     595             : 
     596        1568 :         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
     597             :                         "start authentication");
     598        1568 :         sm->started = 1;
     599             : 
     600        1568 :         sm->Init = TRUE;
     601        1568 :         if (wpa_sm_step(sm) == 1)
     602           0 :                 return 1; /* should not really happen */
     603        1568 :         sm->Init = FALSE;
     604        1568 :         sm->AuthenticationRequest = TRUE;
     605        1568 :         return wpa_sm_step(sm);
     606             : }
     607             : 
     608             : 
     609         607 : void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
     610             : {
     611             :         /* WPA/RSN was not used - clear WPA state. This is needed if the STA
     612             :          * reassociates back to the same AP while the previous entry for the
     613             :          * STA has not yet been removed. */
     614         607 :         if (sm == NULL)
     615        1214 :                 return;
     616             : 
     617           0 :         sm->wpa_key_mgmt = 0;
     618             : }
     619             : 
     620             : 
     621        1596 : static void wpa_free_sta_sm(struct wpa_state_machine *sm)
     622             : {
     623             : #ifdef CONFIG_P2P
     624         222 :         if (WPA_GET_BE32(sm->ip_addr)) {
     625             :                 u32 start;
     626         850 :                 wpa_printf(MSG_DEBUG, "P2P: Free assigned IP "
     627             :                            "address %u.%u.%u.%u from " MACSTR,
     628         170 :                            sm->ip_addr[0], sm->ip_addr[1],
     629         170 :                            sm->ip_addr[2], sm->ip_addr[3],
     630         510 :                            MAC2STR(sm->addr));
     631          85 :                 start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start);
     632          85 :                 bitfield_clear(sm->wpa_auth->ip_pool,
     633          85 :                                WPA_GET_BE32(sm->ip_addr) - start);
     634             :         }
     635             : #endif /* CONFIG_P2P */
     636        1596 :         if (sm->GUpdateStationKeys) {
     637           1 :                 sm->group->GKeyDoneStations--;
     638           1 :                 sm->GUpdateStationKeys = FALSE;
     639             :         }
     640             : #ifdef CONFIG_IEEE80211R
     641        1596 :         os_free(sm->assoc_resp_ftie);
     642        1596 :         wpabuf_free(sm->ft_pending_req_ies);
     643             : #endif /* CONFIG_IEEE80211R */
     644        1596 :         os_free(sm->last_rx_eapol_key);
     645        1596 :         os_free(sm->wpa_ie);
     646        1596 :         os_free(sm);
     647        1596 : }
     648             : 
     649             : 
     650        2239 : void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
     651             : {
     652        2239 :         if (sm == NULL)
     653        2882 :                 return;
     654             : 
     655        1596 :         if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
     656           2 :                 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
     657             :                                 "strict rekeying - force GTK rekey since STA "
     658             :                                 "is leaving");
     659           2 :                 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
     660           2 :                 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
     661             :                                        NULL);
     662             :         }
     663             : 
     664        1596 :         eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
     665        1596 :         sm->pending_1_of_4_timeout = 0;
     666        1596 :         eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
     667        1596 :         eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
     668        1596 :         if (sm->in_step_loop) {
     669             :                 /* Must not free state machine while wpa_sm_step() is running.
     670             :                  * Freeing will be completed in the end of wpa_sm_step(). */
     671           0 :                 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
     672           0 :                            "machine deinit for " MACSTR, MAC2STR(sm->addr));
     673           0 :                 sm->pending_deinit = 1;
     674             :         } else
     675        1596 :                 wpa_free_sta_sm(sm);
     676             : }
     677             : 
     678             : 
     679           8 : static void wpa_request_new_ptk(struct wpa_state_machine *sm)
     680             : {
     681           8 :         if (sm == NULL)
     682           8 :                 return;
     683             : 
     684           8 :         sm->PTKRequest = TRUE;
     685           8 :         sm->PTK_valid = 0;
     686             : }
     687             : 
     688             : 
     689        2664 : static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
     690             :                                     const u8 *replay_counter)
     691             : {
     692             :         int i;
     693        2672 :         for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
     694        2672 :                 if (!ctr[i].valid)
     695           5 :                         break;
     696        2667 :                 if (os_memcmp(replay_counter, ctr[i].counter,
     697             :                               WPA_REPLAY_COUNTER_LEN) == 0)
     698        2659 :                         return 1;
     699             :         }
     700           5 :         return 0;
     701             : }
     702             : 
     703             : 
     704        5306 : static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
     705             :                                             const u8 *replay_counter)
     706             : {
     707             :         int i;
     708       26530 :         for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
     709       21224 :                 if (ctr[i].valid &&
     710        2658 :                     (replay_counter == NULL ||
     711        2658 :                      os_memcmp(replay_counter, ctr[i].counter,
     712             :                                WPA_REPLAY_COUNTER_LEN) == 0))
     713        2658 :                         ctr[i].valid = FALSE;
     714             :         }
     715        5306 : }
     716             : 
     717             : 
     718             : #ifdef CONFIG_IEEE80211R
     719          24 : static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
     720             :                                struct wpa_state_machine *sm,
     721             :                                struct wpa_eapol_ie_parse *kde)
     722             : {
     723             :         struct wpa_ie_data ie;
     724             :         struct rsn_mdie *mdie;
     725             : 
     726          48 :         if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
     727          48 :             ie.num_pmkid != 1 || ie.pmkid == NULL) {
     728           0 :                 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
     729             :                            "FT 4-way handshake message 2/4");
     730           0 :                 return -1;
     731             :         }
     732             : 
     733          24 :         os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
     734          24 :         wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
     735          24 :                     sm->sup_pmk_r1_name, PMKID_LEN);
     736             : 
     737          24 :         if (!kde->mdie || !kde->ftie) {
     738           0 :                 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
     739           0 :                            "message 2/4", kde->mdie ? "FTIE" : "MDIE");
     740           0 :                 return -1;
     741             :         }
     742             : 
     743          24 :         mdie = (struct rsn_mdie *) (kde->mdie + 2);
     744          48 :         if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
     745          24 :             os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
     746             :                       MOBILITY_DOMAIN_ID_LEN) != 0) {
     747           0 :                 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
     748           0 :                 return -1;
     749             :         }
     750             : 
     751          48 :         if (sm->assoc_resp_ftie &&
     752          48 :             (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
     753          24 :              os_memcmp(kde->ftie, sm->assoc_resp_ftie,
     754             :                        2 + sm->assoc_resp_ftie[1]) != 0)) {
     755           0 :                 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
     756           0 :                 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
     757           0 :                             kde->ftie, kde->ftie_len);
     758           0 :                 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
     759           0 :                             sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
     760           0 :                 return -1;
     761             :         }
     762             : 
     763          24 :         return 0;
     764             : }
     765             : #endif /* CONFIG_IEEE80211R */
     766             : 
     767             : 
     768           4 : static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
     769             :                                     struct wpa_state_machine *sm, int group)
     770             : {
     771             :         /* Supplicant reported a Michael MIC error */
     772           4 :         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
     773             :                          "received EAPOL-Key Error Request "
     774             :                          "(STA detected Michael MIC failure (group=%d))",
     775             :                          group);
     776             : 
     777           4 :         if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
     778           0 :                 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
     779             :                                 "ignore Michael MIC failure report since "
     780             :                                 "group cipher is not TKIP");
     781           4 :         } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
     782           0 :                 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
     783             :                                 "ignore Michael MIC failure report since "
     784             :                                 "pairwise cipher is not TKIP");
     785             :         } else {
     786           4 :                 if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
     787           2 :                         return 1; /* STA entry was removed */
     788           2 :                 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
     789           2 :                 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
     790             :         }
     791             : 
     792             :         /*
     793             :          * Error report is not a request for a new key handshake, but since
     794             :          * Authenticator may do it, let's change the keys now anyway.
     795             :          */
     796           2 :         wpa_request_new_ptk(sm);
     797           2 :         return 0;
     798             : }
     799             : 
     800             : 
     801           1 : static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
     802             :                               size_t data_len)
     803             : {
     804             :         struct wpa_ptk PTK;
     805           1 :         int ok = 0;
     806           1 :         const u8 *pmk = NULL;
     807             : 
     808             :         for (;;) {
     809           1 :                 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
     810           1 :                         pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
     811           1 :                                                sm->p2p_dev_addr, pmk);
     812           1 :                         if (pmk == NULL)
     813           0 :                                 break;
     814             :                 } else
     815           0 :                         pmk = sm->PMK;
     816             : 
     817           1 :                 wpa_derive_ptk(sm, sm->alt_SNonce, pmk, &PTK);
     818             : 
     819           1 :                 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, data, data_len)
     820             :                     == 0) {
     821           1 :                         ok = 1;
     822           1 :                         break;
     823             :                 }
     824             : 
     825           0 :                 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
     826           0 :                         break;
     827           0 :         }
     828             : 
     829           1 :         if (!ok) {
     830           0 :                 wpa_printf(MSG_DEBUG,
     831             :                            "WPA: Earlier SNonce did not result in matching MIC");
     832           0 :                 return -1;
     833             :         }
     834             : 
     835           1 :         wpa_printf(MSG_DEBUG,
     836             :                    "WPA: Earlier SNonce resulted in matching MIC");
     837           1 :         sm->alt_snonce_valid = 0;
     838           1 :         os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
     839           1 :         os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
     840           1 :         sm->PTK_valid = TRUE;
     841             : 
     842           1 :         return 0;
     843             : }
     844             : 
     845             : 
     846        2684 : void wpa_receive(struct wpa_authenticator *wpa_auth,
     847             :                  struct wpa_state_machine *sm,
     848             :                  u8 *data, size_t data_len)
     849             : {
     850             :         struct ieee802_1x_hdr *hdr;
     851             :         struct wpa_eapol_key *key;
     852             :         struct wpa_eapol_key_192 *key192;
     853             :         u16 key_info, key_data_length;
     854             :         enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
     855             :                SMK_M1, SMK_M3, SMK_ERROR } msg;
     856             :         char *msgtxt;
     857             :         struct wpa_eapol_ie_parse kde;
     858             :         int ft;
     859             :         const u8 *eapol_key_ie, *key_data;
     860             :         size_t eapol_key_ie_len, keyhdrlen, mic_len;
     861             : 
     862        2684 :         if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
     863          28 :                 return;
     864             : 
     865        2682 :         mic_len = wpa_mic_len(sm->wpa_key_mgmt);
     866        2682 :         keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key);
     867             : 
     868        2682 :         if (data_len < sizeof(*hdr) + keyhdrlen)
     869           0 :                 return;
     870             : 
     871        2682 :         hdr = (struct ieee802_1x_hdr *) data;
     872        2682 :         key = (struct wpa_eapol_key *) (hdr + 1);
     873        2682 :         key192 = (struct wpa_eapol_key_192 *) (hdr + 1);
     874        2682 :         key_info = WPA_GET_BE16(key->key_info);
     875        2682 :         if (mic_len == 24) {
     876           4 :                 key_data = (const u8 *) (key192 + 1);
     877           4 :                 key_data_length = WPA_GET_BE16(key192->key_data_length);
     878             :         } else {
     879        2678 :                 key_data = (const u8 *) (key + 1);
     880        2678 :                 key_data_length = WPA_GET_BE16(key->key_data_length);
     881             :         }
     882       21456 :         wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
     883             :                    " key_info=0x%x type=%u key_data_length=%u",
     884       18774 :                    MAC2STR(sm->addr), key_info, key->type, key_data_length);
     885        2682 :         if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) {
     886           1 :                 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
     887             :                            "key_data overflow (%d > %lu)",
     888             :                            key_data_length,
     889           1 :                            (unsigned long) (data_len - sizeof(*hdr) -
     890             :                                             keyhdrlen));
     891           1 :                 return;
     892             :         }
     893             : 
     894        2681 :         if (sm->wpa == WPA_VERSION_WPA2) {
     895        2607 :                 if (key->type == EAPOL_KEY_TYPE_WPA) {
     896             :                         /*
     897             :                          * Some deployed station implementations seem to send
     898             :                          * msg 4/4 with incorrect type value in WPA2 mode.
     899             :                          */
     900           1 :                         wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
     901             :                                    "with unexpected WPA type in RSN mode");
     902        2606 :                 } else if (key->type != EAPOL_KEY_TYPE_RSN) {
     903           0 :                         wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
     904             :                                    "unexpected type %d in RSN mode",
     905           0 :                                    key->type);
     906           0 :                         return;
     907             :                 }
     908             :         } else {
     909          74 :                 if (key->type != EAPOL_KEY_TYPE_WPA) {
     910           1 :                         wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
     911             :                                    "unexpected type %d in WPA mode",
     912           1 :                                    key->type);
     913           1 :                         return;
     914             :                 }
     915             :         }
     916             : 
     917        2680 :         wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
     918             :                     WPA_NONCE_LEN);
     919        2680 :         wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
     920        2680 :                     key->replay_counter, WPA_REPLAY_COUNTER_LEN);
     921             : 
     922             :         /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
     923             :          * are set */
     924             : 
     925        2680 :         if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
     926             :             (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
     927           8 :                 if (key_info & WPA_KEY_INFO_ERROR) {
     928           3 :                         msg = SMK_ERROR;
     929           3 :                         msgtxt = "SMK Error";
     930             :                 } else {
     931           5 :                         msg = SMK_M1;
     932           5 :                         msgtxt = "SMK M1";
     933             :                 }
     934        2672 :         } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
     935           2 :                 msg = SMK_M3;
     936           2 :                 msgtxt = "SMK M3";
     937        2670 :         } else if (key_info & WPA_KEY_INFO_REQUEST) {
     938          11 :                 msg = REQUEST;
     939          11 :                 msgtxt = "Request";
     940        2659 :         } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
     941          31 :                 msg = GROUP_2;
     942          31 :                 msgtxt = "2/2 Group";
     943        2628 :         } else if (key_data_length == 0) {
     944        1301 :                 msg = PAIRWISE_4;
     945        1301 :                 msgtxt = "4/4 Pairwise";
     946             :         } else {
     947        1327 :                 msg = PAIRWISE_2;
     948        1327 :                 msgtxt = "2/4 Pairwise";
     949             :         }
     950             : 
     951             :         /* TODO: key_info type validation for PeerKey */
     952        2680 :         if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
     953             :             msg == GROUP_2) {
     954        2670 :                 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
     955        2758 :                 if (sm->pairwise == WPA_CIPHER_CCMP ||
     956          88 :                     sm->pairwise == WPA_CIPHER_GCMP) {
     957        2701 :                         if (wpa_use_aes_cmac(sm) &&
     958         222 :                             sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN &&
     959         214 :                             !wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
     960             :                             ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
     961           0 :                                 wpa_auth_logger(wpa_auth, sm->addr,
     962             :                                                 LOGGER_WARNING,
     963             :                                                 "advertised support for "
     964             :                                                 "AES-128-CMAC, but did not "
     965             :                                                 "use it");
     966           0 :                                 return;
     967             :                         }
     968             : 
     969        2588 :                         if (!wpa_use_aes_cmac(sm) &&
     970             :                             ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
     971           1 :                                 wpa_auth_logger(wpa_auth, sm->addr,
     972             :                                                 LOGGER_WARNING,
     973             :                                                 "did not use HMAC-SHA1-AES "
     974             :                                                 "with CCMP/GCMP");
     975           1 :                                 return;
     976             :                         }
     977             :                 }
     978             : 
     979        2669 :                 if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
     980             :                     ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
     981           0 :                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
     982             :                                         "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
     983           0 :                         return;
     984             :                 }
     985             :         }
     986             : 
     987        2679 :         if (key_info & WPA_KEY_INFO_REQUEST) {
     988          24 :                 if (sm->req_replay_counter_used &&
     989           5 :                     os_memcmp(key->replay_counter, sm->req_replay_counter,
     990             :                               WPA_REPLAY_COUNTER_LEN) <= 0) {
     991           1 :                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
     992             :                                         "received EAPOL-Key request with "
     993             :                                         "replayed counter");
     994           1 :                         return;
     995             :                 }
     996             :         }
     997             : 
     998        5338 :         if (!(key_info & WPA_KEY_INFO_REQUEST) &&
     999        2660 :             !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
    1000             :                 int i;
    1001             : 
    1002           8 :                 if (msg == PAIRWISE_2 &&
    1003           3 :                     wpa_replay_counter_valid(sm->prev_key_replay,
    1004           6 :                                              key->replay_counter) &&
    1005           6 :                     sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
    1006           3 :                     os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
    1007             :                 {
    1008             :                         /*
    1009             :                          * Some supplicant implementations (e.g., Windows XP
    1010             :                          * WZC) update SNonce for each EAPOL-Key 2/4. This
    1011             :                          * breaks the workaround on accepting any of the
    1012             :                          * pending requests, so allow the SNonce to be updated
    1013             :                          * even if we have already sent out EAPOL-Key 3/4.
    1014             :                          */
    1015           2 :                         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
    1016             :                                          "Process SNonce update from STA "
    1017             :                                          "based on retransmitted EAPOL-Key "
    1018             :                                          "1/4");
    1019           2 :                         sm->update_snonce = 1;
    1020           2 :                         os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
    1021           2 :                         sm->alt_snonce_valid = TRUE;
    1022           2 :                         os_memcpy(sm->alt_replay_counter,
    1023             :                                   sm->key_replay[0].counter,
    1024             :                                   WPA_REPLAY_COUNTER_LEN);
    1025           2 :                         goto continue_processing;
    1026             :                 }
    1027             : 
    1028           5 :                 if (msg == PAIRWISE_4 && sm->alt_snonce_valid &&
    1029           4 :                     sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
    1030           2 :                     os_memcmp(key->replay_counter, sm->alt_replay_counter,
    1031             :                               WPA_REPLAY_COUNTER_LEN) == 0) {
    1032             :                         /*
    1033             :                          * Supplicant may still be using the old SNonce since
    1034             :                          * there was two EAPOL-Key 2/4 messages and they had
    1035             :                          * different SNonce values.
    1036             :                          */
    1037           2 :                         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
    1038             :                                          "Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4");
    1039           2 :                         goto continue_processing;
    1040             :                 }
    1041             : 
    1042           2 :                 if (msg == PAIRWISE_2 &&
    1043           1 :                     wpa_replay_counter_valid(sm->prev_key_replay,
    1044           2 :                                              key->replay_counter) &&
    1045           1 :                     sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
    1046           1 :                         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
    1047             :                                          "ignore retransmitted EAPOL-Key %s - "
    1048             :                                          "SNonce did not change", msgtxt);
    1049             :                 } else {
    1050           0 :                         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
    1051             :                                          "received EAPOL-Key %s with "
    1052             :                                          "unexpected replay counter", msgtxt);
    1053             :                 }
    1054           2 :                 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
    1055           2 :                         if (!sm->key_replay[i].valid)
    1056           1 :                                 break;
    1057           1 :                         wpa_hexdump(MSG_DEBUG, "pending replay counter",
    1058           1 :                                     sm->key_replay[i].counter,
    1059             :                                     WPA_REPLAY_COUNTER_LEN);
    1060             :                 }
    1061           1 :                 wpa_hexdump(MSG_DEBUG, "received replay counter",
    1062           1 :                             key->replay_counter, WPA_REPLAY_COUNTER_LEN);
    1063           1 :                 return;
    1064             :         }
    1065             : 
    1066             : continue_processing:
    1067        2677 :         switch (msg) {
    1068             :         case PAIRWISE_2:
    1069        1331 :                 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
    1070          10 :                     sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
    1071           7 :                     (!sm->update_snonce ||
    1072           2 :                      sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
    1073           3 :                         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
    1074             :                                          "received EAPOL-Key msg 2/4 in "
    1075             :                                          "invalid state (%d) - dropped",
    1076           3 :                                          sm->wpa_ptk_state);
    1077           3 :                         return;
    1078             :                 }
    1079             :                 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
    1080        1323 :                 if (sm->group->reject_4way_hs_for_entropy) {
    1081             :                         /*
    1082             :                          * The system did not have enough entropy to generate
    1083             :                          * strong random numbers. Reject the first 4-way
    1084             :                          * handshake(s) and collect some entropy based on the
    1085             :                          * information from it. Once enough entropy is
    1086             :                          * available, the next atempt will trigger GMK/Key
    1087             :                          * Counter update and the station will be allowed to
    1088             :                          * continue.
    1089             :                          */
    1090           0 :                         wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
    1091             :                                    "collect more entropy for random number "
    1092             :                                    "generation");
    1093             :                         random_mark_pool_ready();
    1094           0 :                         wpa_sta_disconnect(wpa_auth, sm->addr);
    1095           0 :                         return;
    1096             :                 }
    1097        1323 :                 if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
    1098           0 :                         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
    1099             :                                          "received EAPOL-Key msg 2/4 with "
    1100             :                                          "invalid Key Data contents");
    1101           0 :                         return;
    1102             :                 }
    1103        1323 :                 if (kde.rsn_ie) {
    1104        1299 :                         eapol_key_ie = kde.rsn_ie;
    1105        1299 :                         eapol_key_ie_len = kde.rsn_ie_len;
    1106          24 :                 } else if (kde.osen) {
    1107           2 :                         eapol_key_ie = kde.osen;
    1108           2 :                         eapol_key_ie_len = kde.osen_len;
    1109             :                 } else {
    1110          22 :                         eapol_key_ie = kde.wpa_ie;
    1111          22 :                         eapol_key_ie_len = kde.wpa_ie_len;
    1112             :                 }
    1113        2624 :                 ft = sm->wpa == WPA_VERSION_WPA2 &&
    1114        1301 :                         wpa_key_mgmt_ft(sm->wpa_key_mgmt);
    1115        2646 :                 if (sm->wpa_ie == NULL ||
    1116        2646 :                     wpa_compare_rsn_ie(ft,
    1117        1323 :                                        sm->wpa_ie, sm->wpa_ie_len,
    1118             :                                        eapol_key_ie, eapol_key_ie_len)) {
    1119           0 :                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    1120             :                                         "WPA IE from (Re)AssocReq did not "
    1121             :                                         "match with msg 2/4");
    1122           0 :                         if (sm->wpa_ie) {
    1123           0 :                                 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
    1124           0 :                                             sm->wpa_ie, sm->wpa_ie_len);
    1125             :                         }
    1126           0 :                         wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
    1127             :                                     eapol_key_ie, eapol_key_ie_len);
    1128             :                         /* MLME-DEAUTHENTICATE.request */
    1129           0 :                         wpa_sta_disconnect(wpa_auth, sm->addr);
    1130           0 :                         return;
    1131             :                 }
    1132             : #ifdef CONFIG_IEEE80211R
    1133        1323 :                 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
    1134           0 :                         wpa_sta_disconnect(wpa_auth, sm->addr);
    1135           0 :                         return;
    1136             :                 }
    1137             : #endif /* CONFIG_IEEE80211R */
    1138             : #ifdef CONFIG_P2P
    1139         426 :                 if (kde.ip_addr_req && kde.ip_addr_req[0] &&
    1140         284 :                     wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
    1141             :                         int idx;
    1142          85 :                         wpa_printf(MSG_DEBUG, "P2P: IP address requested in "
    1143             :                                    "EAPOL-Key exchange");
    1144          85 :                         idx = bitfield_get_first_zero(wpa_auth->ip_pool);
    1145          85 :                         if (idx >= 0) {
    1146          85 :                                 u32 start = WPA_GET_BE32(wpa_auth->conf.
    1147             :                                                          ip_addr_start);
    1148          85 :                                 bitfield_set(wpa_auth->ip_pool, idx);
    1149          85 :                                 WPA_PUT_BE32(sm->ip_addr, start + idx);
    1150         850 :                                 wpa_printf(MSG_DEBUG, "P2P: Assigned IP "
    1151             :                                            "address %u.%u.%u.%u to " MACSTR,
    1152         170 :                                            sm->ip_addr[0], sm->ip_addr[1],
    1153         170 :                                            sm->ip_addr[2], sm->ip_addr[3],
    1154         510 :                                            MAC2STR(sm->addr));
    1155             :                         }
    1156             :                 }
    1157             : #endif /* CONFIG_P2P */
    1158        1323 :                 break;
    1159             :         case PAIRWISE_4:
    1160        2600 :                 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
    1161        1299 :                     !sm->PTK_valid) {
    1162           2 :                         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
    1163             :                                          "received EAPOL-Key msg 4/4 in "
    1164             :                                          "invalid state (%d) - dropped",
    1165           2 :                                          sm->wpa_ptk_state);
    1166           2 :                         return;
    1167             :                 }
    1168        1299 :                 break;
    1169             :         case GROUP_2:
    1170          30 :                 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
    1171          30 :                     || !sm->PTK_valid) {
    1172           0 :                         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
    1173             :                                          "received EAPOL-Key msg 2/2 in "
    1174             :                                          "invalid state (%d) - dropped",
    1175           0 :                                          sm->wpa_ptk_group_state);
    1176           0 :                         return;
    1177             :                 }
    1178          30 :                 break;
    1179             : #ifdef CONFIG_PEERKEY
    1180             :         case SMK_M1:
    1181             :         case SMK_M3:
    1182             :         case SMK_ERROR:
    1183          10 :                 if (!wpa_auth->conf.peerkey) {
    1184           3 :                         wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
    1185             :                                    "PeerKey use disabled - ignoring message");
    1186           3 :                         return;
    1187             :                 }
    1188           7 :                 if (!sm->PTK_valid) {
    1189           0 :                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    1190             :                                         "received EAPOL-Key msg SMK in "
    1191             :                                         "invalid state - dropped");
    1192           0 :                         return;
    1193             :                 }
    1194           7 :                 break;
    1195             : #else /* CONFIG_PEERKEY */
    1196             :         case SMK_M1:
    1197             :         case SMK_M3:
    1198             :         case SMK_ERROR:
    1199             :                 return; /* STSL disabled - ignore SMK messages */
    1200             : #endif /* CONFIG_PEERKEY */
    1201             :         case REQUEST:
    1202          10 :                 break;
    1203             :         }
    1204             : 
    1205        2669 :         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
    1206             :                          "received EAPOL-Key frame (%s)", msgtxt);
    1207             : 
    1208        2669 :         if (key_info & WPA_KEY_INFO_ACK) {
    1209           0 :                 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    1210             :                                 "received invalid EAPOL-Key: Key Ack set");
    1211           0 :                 return;
    1212             :         }
    1213             : 
    1214        2669 :         if (!(key_info & WPA_KEY_INFO_MIC)) {
    1215           0 :                 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    1216             :                                 "received invalid EAPOL-Key: Key MIC not set");
    1217           0 :                 return;
    1218             :         }
    1219             : 
    1220        2669 :         sm->MICVerified = FALSE;
    1221        2669 :         if (sm->PTK_valid && !sm->update_snonce) {
    1222        1344 :                 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data,
    1223           1 :                                        data_len) &&
    1224           2 :                     (msg != PAIRWISE_4 || !sm->alt_snonce_valid ||
    1225           1 :                      wpa_try_alt_snonce(sm, data, data_len))) {
    1226           0 :                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    1227             :                                         "received EAPOL-Key with invalid MIC");
    1228           0 :                         return;
    1229             :                 }
    1230        1344 :                 sm->MICVerified = TRUE;
    1231        1344 :                 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
    1232        1344 :                 sm->pending_1_of_4_timeout = 0;
    1233             :         }
    1234             : 
    1235        2669 :         if (key_info & WPA_KEY_INFO_REQUEST) {
    1236          16 :                 if (sm->MICVerified) {
    1237          14 :                         sm->req_replay_counter_used = 1;
    1238          14 :                         os_memcpy(sm->req_replay_counter, key->replay_counter,
    1239             :                                   WPA_REPLAY_COUNTER_LEN);
    1240             :                 } else {
    1241           2 :                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    1242             :                                         "received EAPOL-Key request with "
    1243             :                                         "invalid MIC");
    1244           2 :                         return;
    1245             :                 }
    1246             : 
    1247             :                 /*
    1248             :                  * TODO: should decrypt key data field if encryption was used;
    1249             :                  * even though MAC address KDE is not normally encrypted,
    1250             :                  * supplicant is allowed to encrypt it.
    1251             :                  */
    1252          14 :                 if (msg == SMK_ERROR) {
    1253             : #ifdef CONFIG_PEERKEY
    1254           2 :                         wpa_smk_error(wpa_auth, sm, key_data, key_data_length);
    1255             : #endif /* CONFIG_PEERKEY */
    1256           2 :                         return;
    1257          12 :                 } else if (key_info & WPA_KEY_INFO_ERROR) {
    1258           4 :                         if (wpa_receive_error_report(
    1259             :                                     wpa_auth, sm,
    1260           4 :                                     !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
    1261           2 :                                 return; /* STA entry was removed */
    1262           8 :                 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
    1263           3 :                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    1264             :                                         "received EAPOL-Key Request for new "
    1265             :                                         "4-Way Handshake");
    1266           3 :                         wpa_request_new_ptk(sm);
    1267             : #ifdef CONFIG_PEERKEY
    1268           5 :                 } else if (msg == SMK_M1) {
    1269           4 :                         wpa_smk_m1(wpa_auth, sm, key, key_data,
    1270             :                                    key_data_length);
    1271             : #endif /* CONFIG_PEERKEY */
    1272           2 :                 } else if (key_data_length > 0 &&
    1273           1 :                            wpa_parse_kde_ies(key_data, key_data_length,
    1274           1 :                                              &kde) == 0 &&
    1275           1 :                            kde.mac_addr) {
    1276             :                 } else {
    1277           1 :                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    1278             :                                         "received EAPOL-Key Request for GTK "
    1279             :                                         "rekeying");
    1280           1 :                         eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
    1281           1 :                         wpa_rekey_gtk(wpa_auth, NULL);
    1282             :                 }
    1283             :         } else {
    1284             :                 /* Do not allow the same key replay counter to be reused. */
    1285        2653 :                 wpa_replay_counter_mark_invalid(sm->key_replay,
    1286        2653 :                                                 key->replay_counter);
    1287             : 
    1288        2653 :                 if (msg == PAIRWISE_2) {
    1289             :                         /*
    1290             :                          * Maintain a copy of the pending EAPOL-Key frames in
    1291             :                          * case the EAPOL-Key frame was retransmitted. This is
    1292             :                          * needed to allow EAPOL-Key msg 2/4 reply to another
    1293             :                          * pending msg 1/4 to update the SNonce to work around
    1294             :                          * unexpected supplicant behavior.
    1295             :                          */
    1296        1323 :                         os_memcpy(sm->prev_key_replay, sm->key_replay,
    1297             :                                   sizeof(sm->key_replay));
    1298             :                 } else {
    1299        1330 :                         os_memset(sm->prev_key_replay, 0,
    1300             :                                   sizeof(sm->prev_key_replay));
    1301             :                 }
    1302             : 
    1303             :                 /*
    1304             :                  * Make sure old valid counters are not accepted anymore and
    1305             :                  * do not get copied again.
    1306             :                  */
    1307        2653 :                 wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
    1308             :         }
    1309             : 
    1310             : #ifdef CONFIG_PEERKEY
    1311        2663 :         if (msg == SMK_M3) {
    1312           1 :                 wpa_smk_m3(wpa_auth, sm, key, key_data, key_data_length);
    1313           1 :                 return;
    1314             :         }
    1315             : #endif /* CONFIG_PEERKEY */
    1316             : 
    1317        2662 :         os_free(sm->last_rx_eapol_key);
    1318        2662 :         sm->last_rx_eapol_key = os_malloc(data_len);
    1319        2662 :         if (sm->last_rx_eapol_key == NULL)
    1320           4 :                 return;
    1321        2658 :         os_memcpy(sm->last_rx_eapol_key, data, data_len);
    1322        2658 :         sm->last_rx_eapol_key_len = data_len;
    1323             : 
    1324        2658 :         sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
    1325        2658 :         sm->EAPOLKeyReceived = TRUE;
    1326        2658 :         sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
    1327        2658 :         sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
    1328        2658 :         os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
    1329        2658 :         wpa_sm_step(sm);
    1330             : }
    1331             : 
    1332             : 
    1333        1822 : static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
    1334             :                           const u8 *gnonce, u8 *gtk, size_t gtk_len)
    1335             : {
    1336             :         u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
    1337             :         u8 *pos;
    1338        1822 :         int ret = 0;
    1339             : 
    1340             :         /* GTK = PRF-X(GMK, "Group key expansion",
    1341             :          *      AA || GNonce || Time || random data)
    1342             :          * The example described in the IEEE 802.11 standard uses only AA and
    1343             :          * GNonce as inputs here. Add some more entropy since this derivation
    1344             :          * is done only at the Authenticator and as such, does not need to be
    1345             :          * exactly same.
    1346             :          */
    1347        1822 :         os_memcpy(data, addr, ETH_ALEN);
    1348        1822 :         os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
    1349        1822 :         pos = data + ETH_ALEN + WPA_NONCE_LEN;
    1350        1822 :         wpa_get_ntp_timestamp(pos);
    1351        1822 :         pos += 8;
    1352        1822 :         if (random_get_bytes(pos, 16) < 0)
    1353           0 :                 ret = -1;
    1354             : 
    1355             : #ifdef CONFIG_IEEE80211W
    1356        1822 :         sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
    1357             : #else /* CONFIG_IEEE80211W */
    1358             :         if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len)
    1359             :             < 0)
    1360             :                 ret = -1;
    1361             : #endif /* CONFIG_IEEE80211W */
    1362             : 
    1363        1822 :         return ret;
    1364             : }
    1365             : 
    1366             : 
    1367          33 : static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
    1368             : {
    1369          33 :         struct wpa_authenticator *wpa_auth = eloop_ctx;
    1370          33 :         struct wpa_state_machine *sm = timeout_ctx;
    1371             : 
    1372          33 :         sm->pending_1_of_4_timeout = 0;
    1373          33 :         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
    1374          33 :         sm->TimeoutEvt = TRUE;
    1375          33 :         wpa_sm_step(sm);
    1376          33 : }
    1377             : 
    1378             : 
    1379        2682 : void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
    1380             :                       struct wpa_state_machine *sm, int key_info,
    1381             :                       const u8 *key_rsc, const u8 *nonce,
    1382             :                       const u8 *kde, size_t kde_len,
    1383             :                       int keyidx, int encr, int force_version)
    1384             : {
    1385             :         struct ieee802_1x_hdr *hdr;
    1386             :         struct wpa_eapol_key *key;
    1387             :         struct wpa_eapol_key_192 *key192;
    1388             :         size_t len, mic_len, keyhdrlen;
    1389             :         int alg;
    1390        2682 :         int key_data_len, pad_len = 0;
    1391             :         u8 *buf, *pos;
    1392             :         int version, pairwise;
    1393             :         int i;
    1394             :         u8 *key_data;
    1395             : 
    1396        2682 :         mic_len = wpa_mic_len(sm->wpa_key_mgmt);
    1397        2682 :         keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key);
    1398             : 
    1399        2682 :         len = sizeof(struct ieee802_1x_hdr) + keyhdrlen;
    1400             : 
    1401        2682 :         if (force_version)
    1402           0 :                 version = force_version;
    1403        5360 :         else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
    1404        2678 :                  wpa_key_mgmt_suite_b(sm->wpa_key_mgmt))
    1405          12 :                 version = WPA_KEY_INFO_TYPE_AKM_DEFINED;
    1406        2670 :         else if (wpa_use_aes_cmac(sm))
    1407         108 :                 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
    1408        2562 :         else if (sm->pairwise != WPA_CIPHER_TKIP)
    1409        2492 :                 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
    1410             :         else
    1411          70 :                 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
    1412             : 
    1413        2682 :         pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
    1414             : 
    1415       10728 :         wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
    1416             :                    "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
    1417             :                    "encr=%d)",
    1418             :                    version,
    1419        2682 :                    (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
    1420        2682 :                    (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
    1421        2682 :                    (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
    1422        2682 :                    (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
    1423             :                    pairwise, (unsigned long) kde_len, keyidx, encr);
    1424             : 
    1425        2682 :         key_data_len = kde_len;
    1426             : 
    1427        2872 :         if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
    1428         376 :              sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
    1429         364 :              wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
    1430        2612 :              version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
    1431        1291 :                 pad_len = key_data_len % 8;
    1432        1291 :                 if (pad_len)
    1433        1194 :                         pad_len = 8 - pad_len;
    1434        1291 :                 key_data_len += pad_len + 8;
    1435             :         }
    1436             : 
    1437        2682 :         len += key_data_len;
    1438             : 
    1439        2682 :         hdr = os_zalloc(len);
    1440        2682 :         if (hdr == NULL)
    1441           1 :                 return;
    1442        2681 :         hdr->version = wpa_auth->conf.eapol_version;
    1443        2681 :         hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
    1444        2681 :         hdr->length = host_to_be16(len  - sizeof(*hdr));
    1445        2681 :         key = (struct wpa_eapol_key *) (hdr + 1);
    1446        2681 :         key192 = (struct wpa_eapol_key_192 *) (hdr + 1);
    1447        2681 :         key_data = ((u8 *) (hdr + 1)) + keyhdrlen;
    1448             : 
    1449        2681 :         key->type = sm->wpa == WPA_VERSION_WPA2 ?
    1450             :                 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
    1451        2681 :         key_info |= version;
    1452        2681 :         if (encr && sm->wpa == WPA_VERSION_WPA2)
    1453        1292 :                 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
    1454        2681 :         if (sm->wpa != WPA_VERSION_WPA2)
    1455          67 :                 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
    1456        2681 :         WPA_PUT_BE16(key->key_info, key_info);
    1457             : 
    1458        2681 :         alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
    1459        2681 :         WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
    1460        2681 :         if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
    1461           8 :                 WPA_PUT_BE16(key->key_length, 0);
    1462             : 
    1463             :         /* FIX: STSL: what to use as key_replay_counter? */
    1464       10724 :         for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
    1465        8043 :                 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
    1466        8043 :                 os_memcpy(sm->key_replay[i].counter,
    1467             :                           sm->key_replay[i - 1].counter,
    1468             :                           WPA_REPLAY_COUNTER_LEN);
    1469             :         }
    1470        2681 :         inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
    1471        2681 :         os_memcpy(key->replay_counter, sm->key_replay[0].counter,
    1472             :                   WPA_REPLAY_COUNTER_LEN);
    1473        2681 :         wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter",
    1474        2681 :                     key->replay_counter, WPA_REPLAY_COUNTER_LEN);
    1475        2681 :         sm->key_replay[0].valid = TRUE;
    1476             : 
    1477        2681 :         if (nonce)
    1478        2678 :                 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
    1479             : 
    1480        2681 :         if (key_rsc)
    1481        1313 :                 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
    1482             : 
    1483        2681 :         if (kde && !encr) {
    1484         654 :                 os_memcpy(key_data, kde, kde_len);
    1485        1308 :                 if (mic_len == 24)
    1486           1 :                         WPA_PUT_BE16(key192->key_data_length, kde_len);
    1487             :                 else
    1488         653 :                         WPA_PUT_BE16(key->key_data_length, kde_len);
    1489        2027 :         } else if (encr && kde) {
    1490        1315 :                 buf = os_zalloc(key_data_len);
    1491        1315 :                 if (buf == NULL) {
    1492           0 :                         os_free(hdr);
    1493           0 :                         return;
    1494             :                 }
    1495        1315 :                 pos = buf;
    1496        1315 :                 os_memcpy(pos, kde, kde_len);
    1497        1315 :                 pos += kde_len;
    1498             : 
    1499        1315 :                 if (pad_len)
    1500        1194 :                         *pos++ = 0xdd;
    1501             : 
    1502        1315 :                 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
    1503             :                                 buf, key_data_len);
    1504        1400 :                 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
    1505         168 :                     sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
    1506         162 :                     wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
    1507             :                     version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
    1508        1291 :                         if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len,
    1509        1291 :                                      (key_data_len - 8) / 8, buf, key_data)) {
    1510           0 :                                 os_free(hdr);
    1511           0 :                                 os_free(buf);
    1512           0 :                                 return;
    1513             :                         }
    1514        2582 :                         if (mic_len == 24)
    1515           2 :                                 WPA_PUT_BE16(key192->key_data_length,
    1516             :                                              key_data_len);
    1517             :                         else
    1518        1289 :                                 WPA_PUT_BE16(key->key_data_length,
    1519             :                                              key_data_len);
    1520          24 :                 } else if (sm->PTK.kek_len == 16) {
    1521             :                         u8 ek[32];
    1522          24 :                         os_memcpy(key->key_iv,
    1523             :                                   sm->group->Counter + WPA_NONCE_LEN - 16, 16);
    1524          24 :                         inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
    1525          24 :                         os_memcpy(ek, key->key_iv, 16);
    1526          24 :                         os_memcpy(ek + 16, sm->PTK.kek, sm->PTK.kek_len);
    1527          24 :                         os_memcpy(key_data, buf, key_data_len);
    1528          24 :                         rc4_skip(ek, 32, 256, key_data, key_data_len);
    1529          24 :                         if (mic_len == 24)
    1530           0 :                                 WPA_PUT_BE16(key192->key_data_length,
    1531             :                                              key_data_len);
    1532             :                         else
    1533          24 :                                 WPA_PUT_BE16(key->key_data_length,
    1534             :                                              key_data_len);
    1535             :                 } else {
    1536           0 :                         os_free(hdr);
    1537           0 :                         os_free(buf);
    1538           0 :                         return;
    1539             :                 }
    1540        1315 :                 os_free(buf);
    1541             :         }
    1542             : 
    1543        2681 :         if (key_info & WPA_KEY_INFO_MIC) {
    1544             :                 u8 *key_mic;
    1545             : 
    1546        1343 :                 if (!sm->PTK_valid) {
    1547           0 :                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
    1548             :                                         "PTK not valid when sending EAPOL-Key "
    1549             :                                         "frame");
    1550           0 :                         os_free(hdr);
    1551           0 :                         return;
    1552             :                 }
    1553             : 
    1554        1343 :                 key_mic = key192->key_mic; /* same offset for key and key192 */
    1555        1343 :                 wpa_eapol_key_mic(sm->PTK.kck, sm->PTK.kck_len,
    1556             :                                   sm->wpa_key_mgmt, version,
    1557             :                                   (u8 *) hdr, len, key_mic);
    1558             : #ifdef CONFIG_TESTING_OPTIONS
    1559        1384 :                 if (!pairwise &&
    1560          41 :                     wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 &&
    1561           0 :                     drand48() <
    1562           0 :                     wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
    1563           0 :                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    1564             :                                         "Corrupting group EAPOL-Key Key MIC");
    1565           0 :                         key_mic[0]++;
    1566             :                 }
    1567             : #endif /* CONFIG_TESTING_OPTIONS */
    1568             :         }
    1569             : 
    1570        2681 :         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
    1571             :                            1);
    1572        2681 :         wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
    1573        2681 :                             sm->pairwise_set);
    1574        2681 :         os_free(hdr);
    1575             : }
    1576             : 
    1577             : 
    1578        2674 : static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
    1579             :                            struct wpa_state_machine *sm, int key_info,
    1580             :                            const u8 *key_rsc, const u8 *nonce,
    1581             :                            const u8 *kde, size_t kde_len,
    1582             :                            int keyidx, int encr)
    1583             : {
    1584             :         int timeout_ms;
    1585        2674 :         int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
    1586             :         int ctr;
    1587             : 
    1588        2674 :         if (sm == NULL)
    1589        2674 :                 return;
    1590             : 
    1591        2674 :         __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
    1592             :                          keyidx, encr, 0);
    1593             : 
    1594        2674 :         ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
    1595        2674 :         if (ctr == 1 && wpa_auth->conf.tx_status)
    1596        2613 :                 timeout_ms = pairwise ? eapol_key_timeout_first :
    1597             :                         eapol_key_timeout_first_group;
    1598             :         else
    1599          61 :                 timeout_ms = eapol_key_timeout_subseq;
    1600        2674 :         if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
    1601        1305 :                 sm->pending_1_of_4_timeout = 1;
    1602        2674 :         wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
    1603             :                    "counter %d)", timeout_ms, ctr);
    1604        2674 :         eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
    1605             :                                wpa_send_eapol_timeout, wpa_auth, sm);
    1606             : }
    1607             : 
    1608             : 
    1609        2666 : static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
    1610             :                               size_t data_len)
    1611             : {
    1612             :         struct ieee802_1x_hdr *hdr;
    1613             :         struct wpa_eapol_key *key;
    1614             :         struct wpa_eapol_key_192 *key192;
    1615             :         u16 key_info;
    1616        2666 :         int ret = 0;
    1617             :         u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
    1618        2666 :         size_t mic_len = wpa_mic_len(akmp);
    1619             : 
    1620        2666 :         if (data_len < sizeof(*hdr) + sizeof(*key))
    1621           0 :                 return -1;
    1622             : 
    1623        2666 :         hdr = (struct ieee802_1x_hdr *) data;
    1624        2666 :         key = (struct wpa_eapol_key *) (hdr + 1);
    1625        2666 :         key192 = (struct wpa_eapol_key_192 *) (hdr + 1);
    1626        2666 :         key_info = WPA_GET_BE16(key->key_info);
    1627        2666 :         os_memcpy(mic, key192->key_mic, mic_len);
    1628        2666 :         os_memset(key192->key_mic, 0, mic_len);
    1629        2666 :         if (wpa_eapol_key_mic(PTK->kck, PTK->kck_len, akmp,
    1630             :                               key_info & WPA_KEY_INFO_TYPE_MASK,
    1631        5332 :                               data, data_len, key192->key_mic) ||
    1632        2666 :             os_memcmp_const(mic, key192->key_mic, mic_len) != 0)
    1633          18 :                 ret = -1;
    1634        2666 :         os_memcpy(key192->key_mic, mic, mic_len);
    1635        2666 :         return ret;
    1636             : }
    1637             : 
    1638             : 
    1639        9377 : void wpa_remove_ptk(struct wpa_state_machine *sm)
    1640             : {
    1641        9377 :         sm->PTK_valid = FALSE;
    1642        9377 :         os_memset(&sm->PTK, 0, sizeof(sm->PTK));
    1643        9377 :         wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
    1644        9377 :         sm->pairwise_set = FALSE;
    1645        9377 :         eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
    1646        9377 : }
    1647             : 
    1648             : 
    1649        7134 : int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
    1650             : {
    1651        7134 :         int remove_ptk = 1;
    1652             : 
    1653        7134 :         if (sm == NULL)
    1654        3647 :                 return -1;
    1655             : 
    1656        3487 :         wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
    1657             :                          "event %d notification", event);
    1658             : 
    1659        3487 :         switch (event) {
    1660             :         case WPA_AUTH:
    1661             : #ifdef CONFIG_MESH
    1662             :                 /* PTKs are derived through AMPE */
    1663          11 :                 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
    1664             :                         /* not mesh */
    1665           5 :                         break;
    1666             :                 }
    1667           6 :                 return 0;
    1668             : #endif /* CONFIG_MESH */
    1669             :         case WPA_ASSOC:
    1670        1720 :                 break;
    1671             :         case WPA_DEAUTH:
    1672             :         case WPA_DISASSOC:
    1673        1447 :                 sm->DeauthenticationRequest = TRUE;
    1674        1447 :                 break;
    1675             :         case WPA_REAUTH:
    1676             :         case WPA_REAUTH_EAPOL:
    1677          88 :                 if (!sm->started) {
    1678             :                         /*
    1679             :                          * When using WPS, we may end up here if the STA
    1680             :                          * manages to re-associate without the previous STA
    1681             :                          * entry getting removed. Consequently, we need to make
    1682             :                          * sure that the WPA state machines gets initialized
    1683             :                          * properly at this point.
    1684             :                          */
    1685           0 :                         wpa_printf(MSG_DEBUG, "WPA state machine had not been "
    1686             :                                    "started - initialize now");
    1687           0 :                         sm->started = 1;
    1688           0 :                         sm->Init = TRUE;
    1689           0 :                         if (wpa_sm_step(sm) == 1)
    1690           0 :                                 return 1; /* should not really happen */
    1691           0 :                         sm->Init = FALSE;
    1692           0 :                         sm->AuthenticationRequest = TRUE;
    1693           0 :                         break;
    1694             :                 }
    1695          88 :                 if (sm->GUpdateStationKeys) {
    1696             :                         /*
    1697             :                          * Reauthentication cancels the pending group key
    1698             :                          * update for this STA.
    1699             :                          */
    1700           0 :                         sm->group->GKeyDoneStations--;
    1701           0 :                         sm->GUpdateStationKeys = FALSE;
    1702           0 :                         sm->PtkGroupInit = TRUE;
    1703             :                 }
    1704          88 :                 sm->ReAuthenticationRequest = TRUE;
    1705          88 :                 break;
    1706             :         case WPA_ASSOC_FT:
    1707             : #ifdef CONFIG_IEEE80211R
    1708         221 :                 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
    1709             :                            "after association");
    1710         221 :                 wpa_ft_install_ptk(sm);
    1711             : 
    1712             :                 /* Using FT protocol, not WPA auth state machine */
    1713         221 :                 sm->ft_completed = 1;
    1714         221 :                 return 0;
    1715             : #else /* CONFIG_IEEE80211R */
    1716             :                 break;
    1717             : #endif /* CONFIG_IEEE80211R */
    1718             :         }
    1719             : 
    1720             : #ifdef CONFIG_IEEE80211R
    1721        3260 :         sm->ft_completed = 0;
    1722             : #endif /* CONFIG_IEEE80211R */
    1723             : 
    1724             : #ifdef CONFIG_IEEE80211W
    1725        3260 :         if (sm->mgmt_frame_prot && event == WPA_AUTH)
    1726           4 :                 remove_ptk = 0;
    1727             : #endif /* CONFIG_IEEE80211W */
    1728             : 
    1729        3260 :         if (remove_ptk) {
    1730        3256 :                 sm->PTK_valid = FALSE;
    1731        3256 :                 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
    1732             : 
    1733        3256 :                 if (event != WPA_REAUTH_EAPOL)
    1734        3173 :                         wpa_remove_ptk(sm);
    1735             :         }
    1736             : 
    1737        3260 :         return wpa_sm_step(sm);
    1738             : }
    1739             : 
    1740             : 
    1741        3017 : SM_STATE(WPA_PTK, INITIALIZE)
    1742             : {
    1743        3017 :         SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
    1744        3017 :         if (sm->Init) {
    1745             :                 /* Init flag is not cleared here, so avoid busy
    1746             :                  * loop by claiming nothing changed. */
    1747        1568 :                 sm->changed = FALSE;
    1748             :         }
    1749             : 
    1750        3017 :         sm->keycount = 0;
    1751        3017 :         if (sm->GUpdateStationKeys)
    1752           0 :                 sm->group->GKeyDoneStations--;
    1753        3017 :         sm->GUpdateStationKeys = FALSE;
    1754        3017 :         if (sm->wpa == WPA_VERSION_WPA)
    1755          31 :                 sm->PInitAKeys = FALSE;
    1756             :         if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
    1757             :                * Local AA > Remote AA)) */) {
    1758        3017 :                 sm->Pair = TRUE;
    1759             :         }
    1760        3017 :         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
    1761        3017 :         wpa_remove_ptk(sm);
    1762        3017 :         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
    1763        3017 :         sm->TimeoutCtr = 0;
    1764        3017 :         if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
    1765        1167 :                 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
    1766             :                                    WPA_EAPOL_authorized, 0);
    1767             :         }
    1768        3017 : }
    1769             : 
    1770             : 
    1771          17 : SM_STATE(WPA_PTK, DISCONNECT)
    1772             : {
    1773          17 :         SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
    1774          17 :         sm->Disconnect = FALSE;
    1775          17 :         wpa_sta_disconnect(sm->wpa_auth, sm->addr);
    1776          17 : }
    1777             : 
    1778             : 
    1779        1449 : SM_STATE(WPA_PTK, DISCONNECTED)
    1780             : {
    1781        1449 :         SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
    1782        1449 :         sm->DeauthenticationRequest = FALSE;
    1783        1449 : }
    1784             : 
    1785             : 
    1786        1568 : SM_STATE(WPA_PTK, AUTHENTICATION)
    1787             : {
    1788        1568 :         SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
    1789        1568 :         os_memset(&sm->PTK, 0, sizeof(sm->PTK));
    1790        1568 :         sm->PTK_valid = FALSE;
    1791        1568 :         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
    1792             :                            1);
    1793        1568 :         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
    1794        1568 :         sm->AuthenticationRequest = FALSE;
    1795        1568 : }
    1796             : 
    1797             : 
    1798        1728 : static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
    1799             :                                   struct wpa_group *group)
    1800             : {
    1801        1728 :         if (group->first_sta_seen)
    1802        2781 :                 return;
    1803             :         /*
    1804             :          * System has run bit further than at the time hostapd was started
    1805             :          * potentially very early during boot up. This provides better chances
    1806             :          * of collecting more randomness on embedded systems. Re-initialize the
    1807             :          * GMK and Counter here to improve their strength if there was not
    1808             :          * enough entropy available immediately after system startup.
    1809             :          */
    1810         675 :         wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
    1811             :                    "station");
    1812             :         if (random_pool_ready() != 1) {
    1813             :                 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
    1814             :                            "to proceed - reject first 4-way handshake");
    1815             :                 group->reject_4way_hs_for_entropy = TRUE;
    1816             :         } else {
    1817         675 :                 group->first_sta_seen = TRUE;
    1818         675 :                 group->reject_4way_hs_for_entropy = FALSE;
    1819             :         }
    1820             : 
    1821         675 :         wpa_group_init_gmk_and_counter(wpa_auth, group);
    1822         675 :         wpa_gtk_update(wpa_auth, group);
    1823         675 :         wpa_group_config_group_keys(wpa_auth, group);
    1824             : }
    1825             : 
    1826             : 
    1827        1728 : SM_STATE(WPA_PTK, AUTHENTICATION2)
    1828             : {
    1829        1728 :         SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
    1830             : 
    1831        1728 :         wpa_group_ensure_init(sm->wpa_auth, sm->group);
    1832        1728 :         sm->ReAuthenticationRequest = FALSE;
    1833             : 
    1834             :         /*
    1835             :          * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
    1836             :          * ambiguous. The Authenticator state machine uses a counter that is
    1837             :          * incremented by one for each 4-way handshake. However, the security
    1838             :          * analysis of 4-way handshake points out that unpredictable nonces
    1839             :          * help in preventing precomputation attacks. Instead of the state
    1840             :          * machine definition, use an unpredictable nonce value here to provide
    1841             :          * stronger protection against potential precomputation attacks.
    1842             :          */
    1843        1728 :         if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
    1844           0 :                 wpa_printf(MSG_ERROR, "WPA: Failed to get random data for "
    1845             :                            "ANonce.");
    1846           0 :                 sm->Disconnect = TRUE;
    1847        1728 :                 return;
    1848             :         }
    1849        1728 :         wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
    1850             :                     WPA_NONCE_LEN);
    1851             :         /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
    1852             :          * logical place than INITIALIZE since AUTHENTICATION2 can be
    1853             :          * re-entered on ReAuthenticationRequest without going through
    1854             :          * INITIALIZE. */
    1855        1728 :         sm->TimeoutCtr = 0;
    1856             : }
    1857             : 
    1858             : 
    1859         644 : SM_STATE(WPA_PTK, INITPMK)
    1860             : {
    1861             :         u8 msk[2 * PMK_LEN];
    1862         644 :         size_t len = 2 * PMK_LEN;
    1863             : 
    1864         644 :         SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
    1865             : #ifdef CONFIG_IEEE80211R
    1866         644 :         sm->xxkey_len = 0;
    1867             : #endif /* CONFIG_IEEE80211R */
    1868         644 :         if (sm->pmksa) {
    1869          29 :                 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
    1870          29 :                 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
    1871         615 :         } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
    1872         603 :                 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
    1873             :                            "(len=%lu)", (unsigned long) len);
    1874         603 :                 os_memcpy(sm->PMK, msk, PMK_LEN);
    1875             : #ifdef CONFIG_IEEE80211R
    1876         603 :                 if (len >= 2 * PMK_LEN) {
    1877         603 :                         os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
    1878         603 :                         sm->xxkey_len = PMK_LEN;
    1879             :                 }
    1880             : #endif /* CONFIG_IEEE80211R */
    1881             :         } else {
    1882          12 :                 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
    1883          12 :                            sm->wpa_auth->cb.get_msk);
    1884          12 :                 sm->Disconnect = TRUE;
    1885         656 :                 return;
    1886             :         }
    1887         632 :         os_memset(msk, 0, sizeof(msk));
    1888             : 
    1889         632 :         sm->req_replay_counter_used = 0;
    1890             :         /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
    1891             :          * will break reauthentication since EAPOL state machines may not be
    1892             :          * get into AUTHENTICATING state that clears keyRun before WPA state
    1893             :          * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
    1894             :          * state and takes PMK from the previously used AAA Key. This will
    1895             :          * eventually fail in 4-Way Handshake because Supplicant uses PMK
    1896             :          * derived from the new AAA Key. Setting keyRun = FALSE here seems to
    1897             :          * be good workaround for this issue. */
    1898         632 :         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
    1899             : }
    1900             : 
    1901             : 
    1902         673 : SM_STATE(WPA_PTK, INITPSK)
    1903             : {
    1904             :         const u8 *psk;
    1905         673 :         SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
    1906         673 :         psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL);
    1907         673 :         if (psk) {
    1908         673 :                 os_memcpy(sm->PMK, psk, PMK_LEN);
    1909             : #ifdef CONFIG_IEEE80211R
    1910         673 :                 os_memcpy(sm->xxkey, psk, PMK_LEN);
    1911         673 :                 sm->xxkey_len = PMK_LEN;
    1912             : #endif /* CONFIG_IEEE80211R */
    1913             :         }
    1914         673 :         sm->req_replay_counter_used = 0;
    1915         673 : }
    1916             : 
    1917             : 
    1918        1344 : SM_STATE(WPA_PTK, PTKSTART)
    1919             : {
    1920        1344 :         u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
    1921        1344 :         size_t pmkid_len = 0;
    1922             : 
    1923        1344 :         SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
    1924        1344 :         sm->PTKRequest = FALSE;
    1925        1344 :         sm->TimeoutEvt = FALSE;
    1926        1344 :         sm->alt_snonce_valid = FALSE;
    1927             : 
    1928        1344 :         sm->TimeoutCtr++;
    1929        1344 :         if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
    1930             :                 /* No point in sending the EAPOL-Key - we will disconnect
    1931             :                  * immediately following this. */
    1932        1349 :                 return;
    1933             :         }
    1934             : 
    1935        1339 :         wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
    1936             :                         "sending 1/4 msg of 4-Way Handshake");
    1937             :         /*
    1938             :          * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
    1939             :          * one possible PSK for this STA.
    1940             :          */
    1941        2656 :         if (sm->wpa == WPA_VERSION_WPA2 &&
    1942        1948 :             wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
    1943         631 :             sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
    1944         629 :                 pmkid = buf;
    1945         629 :                 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
    1946         629 :                 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
    1947         629 :                 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
    1948         629 :                 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
    1949         629 :                 if (sm->pmksa) {
    1950          29 :                         os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
    1951             :                                   sm->pmksa->pmkid, PMKID_LEN);
    1952         600 :                 } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) {
    1953             :                         /* No KCK available to derive PMKID */
    1954           2 :                         pmkid = NULL;
    1955             :                 } else {
    1956             :                         /*
    1957             :                          * Calculate PMKID since no PMKSA cache entry was
    1958             :                          * available with pre-calculated PMKID.
    1959             :                          */
    1960        1196 :                         rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
    1961         598 :                                   sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
    1962             :                                   wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
    1963             :                 }
    1964             :         }
    1965        1339 :         wpa_send_eapol(sm->wpa_auth, sm,
    1966             :                        WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
    1967        1339 :                        sm->ANonce, pmkid, pmkid_len, 0, 0);
    1968             : }
    1969             : 
    1970             : 
    1971        1322 : static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
    1972             :                           const u8 *pmk, struct wpa_ptk *ptk)
    1973             : {
    1974             : #ifdef CONFIG_IEEE80211R
    1975        1322 :         if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
    1976          24 :                 return wpa_auth_derive_ptk_ft(sm, pmk, ptk);
    1977             : #endif /* CONFIG_IEEE80211R */
    1978             : 
    1979        2596 :         return wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
    1980        1298 :                               sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce,
    1981             :                               ptk, sm->wpa_key_mgmt, sm->pairwise);
    1982             : }
    1983             : 
    1984             : 
    1985        1321 : SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
    1986             : {
    1987             :         struct wpa_ptk PTK;
    1988        1321 :         int ok = 0;
    1989        1321 :         const u8 *pmk = NULL;
    1990             : 
    1991        1321 :         SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
    1992        1321 :         sm->EAPOLKeyReceived = FALSE;
    1993        1321 :         sm->update_snonce = FALSE;
    1994             : 
    1995             :         /* WPA with IEEE 802.1X: use the derived PMK from EAP
    1996             :          * WPA-PSK: iterate through possible PSKs and select the one matching
    1997             :          * the packet */
    1998             :         for (;;) {
    1999        1338 :                 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
    2000         707 :                         pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
    2001         707 :                                                sm->p2p_dev_addr, pmk);
    2002         707 :                         if (pmk == NULL)
    2003          17 :                                 break;
    2004             :                 } else
    2005         631 :                         pmk = sm->PMK;
    2006             : 
    2007        1321 :                 wpa_derive_ptk(sm, sm->SNonce, pmk, &PTK);
    2008             : 
    2009        1321 :                 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK,
    2010             :                                        sm->last_rx_eapol_key,
    2011             :                                        sm->last_rx_eapol_key_len) == 0) {
    2012        1304 :                         ok = 1;
    2013        1304 :                         break;
    2014             :                 }
    2015             : 
    2016          17 :                 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
    2017           0 :                         break;
    2018          17 :         }
    2019             : 
    2020        1321 :         if (!ok) {
    2021          17 :                 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
    2022             :                                 "invalid MIC in msg 2/4 of 4-Way Handshake");
    2023          17 :                 return;
    2024             :         }
    2025             : 
    2026             : #ifdef CONFIG_IEEE80211R
    2027        1304 :         if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
    2028             :                 /*
    2029             :                  * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
    2030             :                  * with the value we derived.
    2031             :                  */
    2032          24 :                 if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name,
    2033             :                                     WPA_PMK_NAME_LEN) != 0) {
    2034           0 :                         wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
    2035             :                                         "PMKR1Name mismatch in FT 4-way "
    2036             :                                         "handshake");
    2037           0 :                         wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
    2038             :                                     "Supplicant",
    2039           0 :                                     sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
    2040           0 :                         wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
    2041           0 :                                     sm->pmk_r1_name, WPA_PMK_NAME_LEN);
    2042           0 :                         return;
    2043             :                 }
    2044             :         }
    2045             : #endif /* CONFIG_IEEE80211R */
    2046             : 
    2047        1304 :         sm->pending_1_of_4_timeout = 0;
    2048        1304 :         eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
    2049             : 
    2050        1304 :         if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
    2051             :                 /* PSK may have changed from the previous choice, so update
    2052             :                  * state machine data based on whatever PSK was selected here.
    2053             :                  */
    2054         673 :                 os_memcpy(sm->PMK, pmk, PMK_LEN);
    2055             :         }
    2056             : 
    2057        1304 :         sm->MICVerified = TRUE;
    2058             : 
    2059        1304 :         os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
    2060        1304 :         sm->PTK_valid = TRUE;
    2061             : }
    2062             : 
    2063             : 
    2064        1304 : SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
    2065             : {
    2066        1304 :         SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
    2067        1304 :         sm->TimeoutCtr = 0;
    2068        1304 : }
    2069             : 
    2070             : 
    2071             : #ifdef CONFIG_IEEE80211W
    2072             : 
    2073        1314 : static int ieee80211w_kde_len(struct wpa_state_machine *sm)
    2074             : {
    2075        1314 :         if (sm->mgmt_frame_prot) {
    2076             :                 size_t len;
    2077          44 :                 len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
    2078          44 :                 return 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN + len;
    2079             :         }
    2080             : 
    2081        1270 :         return 0;
    2082             : }
    2083             : 
    2084             : 
    2085        1312 : static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
    2086             : {
    2087             :         struct wpa_igtk_kde igtk;
    2088        1312 :         struct wpa_group *gsm = sm->group;
    2089             :         u8 rsc[WPA_KEY_RSC_LEN];
    2090        1312 :         size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
    2091             : 
    2092        1312 :         if (!sm->mgmt_frame_prot)
    2093        1268 :                 return pos;
    2094             : 
    2095          44 :         igtk.keyid[0] = gsm->GN_igtk;
    2096          44 :         igtk.keyid[1] = 0;
    2097          88 :         if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
    2098          44 :             wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
    2099           0 :                 os_memset(igtk.pn, 0, sizeof(igtk.pn));
    2100             :         else
    2101          44 :                 os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
    2102          44 :         os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
    2103          44 :         if (sm->wpa_auth->conf.disable_gtk) {
    2104             :                 /*
    2105             :                  * Provide unique random IGTK to each STA to prevent use of
    2106             :                  * IGTK in the BSS.
    2107             :                  */
    2108           2 :                 if (random_get_bytes(igtk.igtk, len) < 0)
    2109           0 :                         return pos;
    2110             :         }
    2111          44 :         pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
    2112             :                           (const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len,
    2113             :                           NULL, 0);
    2114             : 
    2115          44 :         return pos;
    2116             : }
    2117             : 
    2118             : #else /* CONFIG_IEEE80211W */
    2119             : 
    2120             : static int ieee80211w_kde_len(struct wpa_state_machine *sm)
    2121             : {
    2122             :         return 0;
    2123             : }
    2124             : 
    2125             : 
    2126             : static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
    2127             : {
    2128             :         return pos;
    2129             : }
    2130             : 
    2131             : #endif /* CONFIG_IEEE80211W */
    2132             : 
    2133             : 
    2134        1304 : SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
    2135             : {
    2136             :         u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32];
    2137             :         size_t gtk_len, kde_len;
    2138        1304 :         struct wpa_group *gsm = sm->group;
    2139             :         u8 *wpa_ie;
    2140        1304 :         int wpa_ie_len, secure, keyidx, encr = 0;
    2141             : 
    2142        1304 :         SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
    2143        1304 :         sm->TimeoutEvt = FALSE;
    2144             : 
    2145        1304 :         sm->TimeoutCtr++;
    2146        1304 :         if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
    2147             :                 /* No point in sending the EAPOL-Key - we will disconnect
    2148             :                  * immediately following this. */
    2149           2 :                 return;
    2150             :         }
    2151             : 
    2152             :         /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
    2153             :            GTK[GN], IGTK, [FTIE], [TIE * 2])
    2154             :          */
    2155        1304 :         os_memset(rsc, 0, WPA_KEY_RSC_LEN);
    2156        1304 :         wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
    2157             :         /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
    2158        1304 :         wpa_ie = sm->wpa_auth->wpa_ie;
    2159        1304 :         wpa_ie_len = sm->wpa_auth->wpa_ie_len;
    2160        1326 :         if (sm->wpa == WPA_VERSION_WPA &&
    2161          27 :             (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
    2162          10 :             wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
    2163             :                 /* WPA-only STA, remove RSN IE and possible MDIE */
    2164           5 :                 wpa_ie = wpa_ie + wpa_ie[1] + 2;
    2165           5 :                 if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN)
    2166           2 :                         wpa_ie = wpa_ie + wpa_ie[1] + 2;
    2167           5 :                 wpa_ie_len = wpa_ie[1] + 2;
    2168             :         }
    2169        1304 :         wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
    2170             :                         "sending 3/4 msg of 4-Way Handshake");
    2171        1304 :         if (sm->wpa == WPA_VERSION_WPA2) {
    2172             :                 /* WPA2 send GTK in the 4-way handshake */
    2173        1282 :                 secure = 1;
    2174        1282 :                 gtk = gsm->GTK[gsm->GN - 1];
    2175        1282 :                 gtk_len = gsm->GTK_len;
    2176        1282 :                 if (sm->wpa_auth->conf.disable_gtk) {
    2177             :                         /*
    2178             :                          * Provide unique random GTK to each STA to prevent use
    2179             :                          * of GTK in the BSS.
    2180             :                          */
    2181          10 :                         if (random_get_bytes(dummy_gtk, gtk_len) < 0)
    2182           0 :                                 return;
    2183          10 :                         gtk = dummy_gtk;
    2184             :                 }
    2185        1282 :                 keyidx = gsm->GN;
    2186        1282 :                 _rsc = rsc;
    2187        1282 :                 encr = 1;
    2188             :         } else {
    2189             :                 /* WPA does not include GTK in msg 3/4 */
    2190          22 :                 secure = 0;
    2191          22 :                 gtk = NULL;
    2192          22 :                 gtk_len = 0;
    2193          22 :                 keyidx = 0;
    2194          22 :                 _rsc = NULL;
    2195          22 :                 if (sm->rx_eapol_key_secure) {
    2196             :                         /*
    2197             :                          * It looks like Windows 7 supplicant tries to use
    2198             :                          * Secure bit in msg 2/4 after having reported Michael
    2199             :                          * MIC failure and it then rejects the 4-way handshake
    2200             :                          * if msg 3/4 does not set Secure bit. Work around this
    2201             :                          * by setting the Secure bit here even in the case of
    2202             :                          * WPA if the supplicant used it first.
    2203             :                          */
    2204           0 :                         wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
    2205             :                                         "STA used Secure bit in WPA msg 2/4 - "
    2206             :                                         "set Secure for 3/4 as workaround");
    2207           0 :                         secure = 1;
    2208             :                 }
    2209             :         }
    2210             : 
    2211        1304 :         kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
    2212        1304 :         if (gtk)
    2213        1282 :                 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
    2214             : #ifdef CONFIG_IEEE80211R
    2215        1304 :         if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
    2216          24 :                 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
    2217          24 :                 kde_len += 300; /* FTIE + 2 * TIE */
    2218             :         }
    2219             : #endif /* CONFIG_IEEE80211R */
    2220             : #ifdef CONFIG_P2P
    2221         210 :         if (WPA_GET_BE32(sm->ip_addr) > 0)
    2222          85 :                 kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4;
    2223             : #endif /* CONFIG_P2P */
    2224        1304 :         kde = os_malloc(kde_len);
    2225        1304 :         if (kde == NULL)
    2226           2 :                 return;
    2227             : 
    2228        1302 :         pos = kde;
    2229        1302 :         os_memcpy(pos, wpa_ie, wpa_ie_len);
    2230        1302 :         pos += wpa_ie_len;
    2231             : #ifdef CONFIG_IEEE80211R
    2232        1302 :         if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
    2233          24 :                 int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name);
    2234          24 :                 if (res < 0) {
    2235           0 :                         wpa_printf(MSG_ERROR, "FT: Failed to insert "
    2236             :                                    "PMKR1Name into RSN IE in EAPOL-Key data");
    2237           0 :                         os_free(kde);
    2238           0 :                         return;
    2239             :                 }
    2240          24 :                 pos += res;
    2241             :         }
    2242             : #endif /* CONFIG_IEEE80211R */
    2243        1302 :         if (gtk) {
    2244             :                 u8 hdr[2];
    2245        1280 :                 hdr[0] = keyidx & 0x03;
    2246        1280 :                 hdr[1] = 0;
    2247        1280 :                 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
    2248             :                                   gtk, gtk_len);
    2249             :         }
    2250        1302 :         pos = ieee80211w_kde_add(sm, pos);
    2251             : 
    2252             : #ifdef CONFIG_IEEE80211R
    2253        1302 :         if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
    2254             :                 int res;
    2255             :                 struct wpa_auth_config *conf;
    2256             : 
    2257          24 :                 conf = &sm->wpa_auth->conf;
    2258          24 :                 res = wpa_write_ftie(conf, conf->r0_key_holder,
    2259             :                                      conf->r0_key_holder_len,
    2260          24 :                                      NULL, NULL, pos, kde + kde_len - pos,
    2261             :                                      NULL, 0);
    2262          24 :                 if (res < 0) {
    2263           0 :                         wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
    2264             :                                    "into EAPOL-Key Key Data");
    2265           0 :                         os_free(kde);
    2266           0 :                         return;
    2267             :                 }
    2268          24 :                 pos += res;
    2269             : 
    2270             :                 /* TIE[ReassociationDeadline] (TU) */
    2271          24 :                 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
    2272          24 :                 *pos++ = 5;
    2273          24 :                 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
    2274          24 :                 WPA_PUT_LE32(pos, conf->reassociation_deadline);
    2275          24 :                 pos += 4;
    2276             : 
    2277             :                 /* TIE[KeyLifetime] (seconds) */
    2278          24 :                 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
    2279          24 :                 *pos++ = 5;
    2280          24 :                 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
    2281          24 :                 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
    2282          24 :                 pos += 4;
    2283             :         }
    2284             : #endif /* CONFIG_IEEE80211R */
    2285             : #ifdef CONFIG_P2P
    2286         210 :         if (WPA_GET_BE32(sm->ip_addr) > 0) {
    2287             :                 u8 addr[3 * 4];
    2288          85 :                 os_memcpy(addr, sm->ip_addr, 4);
    2289          85 :                 os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4);
    2290          85 :                 os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4);
    2291          85 :                 pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC,
    2292             :                                   addr, sizeof(addr), NULL, 0);
    2293             :         }
    2294             : #endif /* CONFIG_P2P */
    2295             : 
    2296        2604 :         wpa_send_eapol(sm->wpa_auth, sm,
    2297             :                        (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
    2298             :                        WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
    2299             :                        WPA_KEY_INFO_KEY_TYPE,
    2300        2604 :                        _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
    2301        1302 :         os_free(kde);
    2302             : }
    2303             : 
    2304             : 
    2305        1297 : SM_STATE(WPA_PTK, PTKINITDONE)
    2306             : {
    2307        1297 :         SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
    2308        1297 :         sm->EAPOLKeyReceived = FALSE;
    2309        1297 :         if (sm->Pair) {
    2310        1297 :                 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
    2311        1297 :                 int klen = wpa_cipher_key_len(sm->pairwise);
    2312        2594 :                 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
    2313        1297 :                                      sm->PTK.tk, klen)) {
    2314           0 :                         wpa_sta_disconnect(sm->wpa_auth, sm->addr);
    2315        1297 :                         return;
    2316             :                 }
    2317             :                 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
    2318        1297 :                 sm->pairwise_set = TRUE;
    2319             : 
    2320        1297 :                 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
    2321           6 :                         eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
    2322           6 :                         eloop_register_timeout(sm->wpa_auth->conf.
    2323             :                                                wpa_ptk_rekey, 0, wpa_rekey_ptk,
    2324           6 :                                                sm->wpa_auth, sm);
    2325             :                 }
    2326             : 
    2327        1297 :                 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
    2328         668 :                         wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
    2329             :                                            WPA_EAPOL_authorized, 1);
    2330             :                 }
    2331             :         }
    2332             : 
    2333             :         if (0 /* IBSS == TRUE */) {
    2334             :                 sm->keycount++;
    2335             :                 if (sm->keycount == 2) {
    2336             :                         wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
    2337             :                                            WPA_EAPOL_portValid, 1);
    2338             :                 }
    2339             :         } else {
    2340        1297 :                 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
    2341             :                                    1);
    2342             :         }
    2343        1297 :         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
    2344        1297 :         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
    2345        1297 :         if (sm->wpa == WPA_VERSION_WPA)
    2346          22 :                 sm->PInitAKeys = TRUE;
    2347             :         else
    2348        1275 :                 sm->has_GTK = TRUE;
    2349        1297 :         wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
    2350             :                          "pairwise key handshake completed (%s)",
    2351        1297 :                          sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
    2352             : 
    2353             : #ifdef CONFIG_IEEE80211R
    2354        1297 :         wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
    2355             : #endif /* CONFIG_IEEE80211R */
    2356             : }
    2357             : 
    2358             : 
    2359       36189 : SM_STEP(WPA_PTK)
    2360             : {
    2361       36189 :         struct wpa_authenticator *wpa_auth = sm->wpa_auth;
    2362             : 
    2363       36189 :         if (sm->Init)
    2364        1568 :                 SM_ENTER(WPA_PTK, INITIALIZE);
    2365       34621 :         else if (sm->Disconnect
    2366             :                  /* || FIX: dot11RSNAConfigSALifetime timeout */) {
    2367          12 :                 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
    2368             :                                 "WPA_PTK: sm->Disconnect");
    2369          12 :                 SM_ENTER(WPA_PTK, DISCONNECT);
    2370             :         }
    2371       34609 :         else if (sm->DeauthenticationRequest)
    2372        1447 :                 SM_ENTER(WPA_PTK, DISCONNECTED);
    2373       33162 :         else if (sm->AuthenticationRequest)
    2374        1568 :                 SM_ENTER(WPA_PTK, AUTHENTICATION);
    2375       31594 :         else if (sm->ReAuthenticationRequest)
    2376         160 :                 SM_ENTER(WPA_PTK, AUTHENTICATION2);
    2377       31434 :         else if (sm->PTKRequest)
    2378           8 :                 SM_ENTER(WPA_PTK, PTKSTART);
    2379       31426 :         else switch (sm->wpa_ptk_state) {
    2380             :         case WPA_PTK_INITIALIZE:
    2381        3639 :                 break;
    2382             :         case WPA_PTK_DISCONNECT:
    2383           2 :                 SM_ENTER(WPA_PTK, DISCONNECTED);
    2384           2 :                 break;
    2385             :         case WPA_PTK_DISCONNECTED:
    2386        1449 :                 SM_ENTER(WPA_PTK, INITIALIZE);
    2387        1449 :                 break;
    2388             :         case WPA_PTK_AUTHENTICATION:
    2389        1568 :                 SM_ENTER(WPA_PTK, AUTHENTICATION2);
    2390        1568 :                 break;
    2391             :         case WPA_PTK_AUTHENTICATION2:
    2392       25805 :                 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
    2393       12566 :                     wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
    2394             :                                        WPA_EAPOL_keyRun) > 0)
    2395         644 :                         SM_ENTER(WPA_PTK, INITPMK);
    2396       12595 :                 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
    2397             :                          /* FIX: && 802.1X::keyRun */)
    2398         673 :                         SM_ENTER(WPA_PTK, INITPSK);
    2399       13239 :                 break;
    2400             :         case WPA_PTK_INITPMK:
    2401         632 :                 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
    2402             :                                        WPA_EAPOL_keyAvailable) > 0)
    2403         632 :                         SM_ENTER(WPA_PTK, PTKSTART);
    2404             :                 else {
    2405           0 :                         wpa_auth->dot11RSNA4WayHandshakeFailures++;
    2406           0 :                         wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
    2407             :                                         "INITPMK - keyAvailable = false");
    2408           0 :                         SM_ENTER(WPA_PTK, DISCONNECT);
    2409             :                 }
    2410         632 :                 break;
    2411             :         case WPA_PTK_INITPSK:
    2412         673 :                 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr,
    2413             :                                      NULL))
    2414         673 :                         SM_ENTER(WPA_PTK, PTKSTART);
    2415             :                 else {
    2416           0 :                         wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
    2417             :                                         "no PSK configured for the STA");
    2418           0 :                         wpa_auth->dot11RSNA4WayHandshakeFailures++;
    2419           0 :                         SM_ENTER(WPA_PTK, DISCONNECT);
    2420             :                 }
    2421         673 :                 break;
    2422             :         case WPA_PTK_PTKSTART:
    2423        4077 :                 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
    2424        1319 :                     sm->EAPOLKeyPairwise)
    2425        1319 :                         SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
    2426        2878 :                 else if (sm->TimeoutCtr >
    2427        1439 :                          (int) dot11RSNAConfigPairwiseUpdateCount) {
    2428           5 :                         wpa_auth->dot11RSNA4WayHandshakeFailures++;
    2429           5 :                         wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
    2430             :                                          "PTKSTART: Retry limit %d reached",
    2431             :                                          dot11RSNAConfigPairwiseUpdateCount);
    2432           5 :                         SM_ENTER(WPA_PTK, DISCONNECT);
    2433        1434 :                 } else if (sm->TimeoutEvt)
    2434          16 :                         SM_ENTER(WPA_PTK, PTKSTART);
    2435        2758 :                 break;
    2436             :         case WPA_PTK_PTKCALCNEGOTIATING:
    2437        1336 :                 if (sm->MICVerified)
    2438        1304 :                         SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
    2439          32 :                 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
    2440           0 :                          sm->EAPOLKeyPairwise)
    2441           0 :                         SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
    2442          32 :                 else if (sm->TimeoutEvt)
    2443          15 :                         SM_ENTER(WPA_PTK, PTKSTART);
    2444        1336 :                 break;
    2445             :         case WPA_PTK_PTKCALCNEGOTIATING2:
    2446        1304 :                 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
    2447        1304 :                 break;
    2448             :         case WPA_PTK_PTKINITNEGOTIATING:
    2449        2608 :                 if (sm->update_snonce)
    2450           2 :                         SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
    2451        3903 :                 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
    2452        2594 :                          sm->EAPOLKeyPairwise && sm->MICVerified)
    2453        1297 :                         SM_ENTER(WPA_PTK, PTKINITDONE);
    2454        2618 :                 else if (sm->TimeoutCtr >
    2455        1309 :                          (int) dot11RSNAConfigPairwiseUpdateCount) {
    2456           0 :                         wpa_auth->dot11RSNA4WayHandshakeFailures++;
    2457           0 :                         wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
    2458             :                                          "PTKINITNEGOTIATING: Retry limit %d "
    2459             :                                          "reached",
    2460             :                                          dot11RSNAConfigPairwiseUpdateCount);
    2461           0 :                         SM_ENTER(WPA_PTK, DISCONNECT);
    2462        1309 :                 } else if (sm->TimeoutEvt)
    2463           0 :                         SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
    2464        2608 :                 break;
    2465             :         case WPA_PTK_PTKINITDONE:
    2466        2218 :                 break;
    2467             :         }
    2468       36189 : }
    2469             : 
    2470             : 
    2471        1598 : SM_STATE(WPA_PTK_GROUP, IDLE)
    2472             : {
    2473        1598 :         SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
    2474        1598 :         if (sm->Init) {
    2475             :                 /* Init flag is not cleared here, so avoid busy
    2476             :                  * loop by claiming nothing changed. */
    2477        1568 :                 sm->changed = FALSE;
    2478             :         }
    2479        1598 :         sm->GTimeoutCtr = 0;
    2480        1598 : }
    2481             : 
    2482             : 
    2483          33 : SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
    2484             : {
    2485             :         u8 rsc[WPA_KEY_RSC_LEN];
    2486          33 :         struct wpa_group *gsm = sm->group;
    2487             :         const u8 *kde;
    2488          33 :         u8 *kde_buf = NULL, *pos, hdr[2];
    2489             :         size_t kde_len;
    2490             :         u8 *gtk, dummy_gtk[32];
    2491             : 
    2492          33 :         SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
    2493             : 
    2494          33 :         sm->GTimeoutCtr++;
    2495          33 :         if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
    2496             :                 /* No point in sending the EAPOL-Key - we will disconnect
    2497             :                  * immediately following this. */
    2498           0 :                 return;
    2499             :         }
    2500             : 
    2501          33 :         if (sm->wpa == WPA_VERSION_WPA)
    2502          23 :                 sm->PInitAKeys = FALSE;
    2503          33 :         sm->TimeoutEvt = FALSE;
    2504             :         /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
    2505          33 :         os_memset(rsc, 0, WPA_KEY_RSC_LEN);
    2506          33 :         if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
    2507          23 :                 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
    2508          33 :         wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
    2509             :                         "sending 1/2 msg of Group Key Handshake");
    2510             : 
    2511          33 :         gtk = gsm->GTK[gsm->GN - 1];
    2512          33 :         if (sm->wpa_auth->conf.disable_gtk) {
    2513             :                 /*
    2514             :                  * Provide unique random GTK to each STA to prevent use
    2515             :                  * of GTK in the BSS.
    2516             :                  */
    2517           0 :                 if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0)
    2518           0 :                         return;
    2519           0 :                 gtk = dummy_gtk;
    2520             :         }
    2521          33 :         if (sm->wpa == WPA_VERSION_WPA2) {
    2522          20 :                 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
    2523          10 :                         ieee80211w_kde_len(sm);
    2524          10 :                 kde_buf = os_malloc(kde_len);
    2525          10 :                 if (kde_buf == NULL)
    2526           0 :                         return;
    2527             : 
    2528          10 :                 kde = pos = kde_buf;
    2529          10 :                 hdr[0] = gsm->GN & 0x03;
    2530          10 :                 hdr[1] = 0;
    2531          10 :                 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
    2532          10 :                                   gtk, gsm->GTK_len);
    2533          10 :                 pos = ieee80211w_kde_add(sm, pos);
    2534          10 :                 kde_len = pos - kde;
    2535             :         } else {
    2536          23 :                 kde = gtk;
    2537          23 :                 kde_len = gsm->GTK_len;
    2538             :         }
    2539             : 
    2540          66 :         wpa_send_eapol(sm->wpa_auth, sm,
    2541             :                        WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
    2542             :                        WPA_KEY_INFO_ACK |
    2543          33 :                        (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
    2544          33 :                        rsc, gsm->GNonce, kde, kde_len, gsm->GN, 1);
    2545             : 
    2546          33 :         os_free(kde_buf);
    2547             : }
    2548             : 
    2549             : 
    2550          30 : SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
    2551             : {
    2552          30 :         SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
    2553          30 :         sm->EAPOLKeyReceived = FALSE;
    2554          30 :         if (sm->GUpdateStationKeys)
    2555           9 :                 sm->group->GKeyDoneStations--;
    2556          30 :         sm->GUpdateStationKeys = FALSE;
    2557          30 :         sm->GTimeoutCtr = 0;
    2558             :         /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
    2559          30 :         wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
    2560             :                          "group key handshake completed (%s)",
    2561          30 :                          sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
    2562          30 :         sm->has_GTK = TRUE;
    2563          30 : }
    2564             : 
    2565             : 
    2566           0 : SM_STATE(WPA_PTK_GROUP, KEYERROR)
    2567             : {
    2568           0 :         SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
    2569           0 :         if (sm->GUpdateStationKeys)
    2570           0 :                 sm->group->GKeyDoneStations--;
    2571           0 :         sm->GUpdateStationKeys = FALSE;
    2572           0 :         sm->Disconnect = TRUE;
    2573           0 : }
    2574             : 
    2575             : 
    2576       36189 : SM_STEP(WPA_PTK_GROUP)
    2577             : {
    2578       36189 :         if (sm->Init || sm->PtkGroupInit) {
    2579        1568 :                 SM_ENTER(WPA_PTK_GROUP, IDLE);
    2580        1568 :                 sm->PtkGroupInit = FALSE;
    2581       34621 :         } else switch (sm->wpa_ptk_group_state) {
    2582             :         case WPA_PTK_GROUP_IDLE:
    2583       69032 :                 if (sm->GUpdateStationKeys ||
    2584       34850 :                     (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
    2585          32 :                         SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
    2586       34521 :                 break;
    2587             :         case WPA_PTK_GROUP_REKEYNEGOTIATING:
    2588         100 :                 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
    2589          60 :                     !sm->EAPOLKeyPairwise && sm->MICVerified)
    2590          30 :                         SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
    2591          80 :                 else if (sm->GTimeoutCtr >
    2592          40 :                          (int) dot11RSNAConfigGroupUpdateCount)
    2593           0 :                         SM_ENTER(WPA_PTK_GROUP, KEYERROR);
    2594          40 :                 else if (sm->TimeoutEvt)
    2595           1 :                         SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
    2596          70 :                 break;
    2597             :         case WPA_PTK_GROUP_KEYERROR:
    2598           0 :                 SM_ENTER(WPA_PTK_GROUP, IDLE);
    2599           0 :                 break;
    2600             :         case WPA_PTK_GROUP_REKEYESTABLISHED:
    2601          30 :                 SM_ENTER(WPA_PTK_GROUP, IDLE);
    2602          30 :                 break;
    2603             :         }
    2604       36189 : }
    2605             : 
    2606             : 
    2607        1568 : static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
    2608             :                           struct wpa_group *group)
    2609             : {
    2610        1568 :         int ret = 0;
    2611             : 
    2612        1568 :         os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
    2613        1568 :         inc_byte_array(group->Counter, WPA_NONCE_LEN);
    2614        3136 :         if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
    2615        1568 :                            wpa_auth->addr, group->GNonce,
    2616        3136 :                            group->GTK[group->GN - 1], group->GTK_len) < 0)
    2617           0 :                 ret = -1;
    2618        3136 :         wpa_hexdump_key(MSG_DEBUG, "GTK",
    2619        3136 :                         group->GTK[group->GN - 1], group->GTK_len);
    2620             : 
    2621             : #ifdef CONFIG_IEEE80211W
    2622        1568 :         if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
    2623             :                 size_t len;
    2624         254 :                 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
    2625         254 :                 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
    2626         254 :                 inc_byte_array(group->Counter, WPA_NONCE_LEN);
    2627         254 :                 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
    2628         254 :                                    wpa_auth->addr, group->GNonce,
    2629         254 :                                    group->IGTK[group->GN_igtk - 4], len) < 0)
    2630           0 :                         ret = -1;
    2631         254 :                 wpa_hexdump_key(MSG_DEBUG, "IGTK",
    2632         254 :                                 group->IGTK[group->GN_igtk - 4], len);
    2633             :         }
    2634             : #endif /* CONFIG_IEEE80211W */
    2635             : 
    2636        1568 :         return ret;
    2637             : }
    2638             : 
    2639             : 
    2640         877 : static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
    2641             :                                struct wpa_group *group)
    2642             : {
    2643         877 :         wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
    2644             :                    "GTK_INIT (VLAN-ID %d)", group->vlan_id);
    2645         877 :         group->changed = FALSE; /* GInit is not cleared here; avoid loop */
    2646         877 :         group->wpa_group_state = WPA_GROUP_GTK_INIT;
    2647             : 
    2648             :         /* GTK[0..N] = 0 */
    2649         877 :         os_memset(group->GTK, 0, sizeof(group->GTK));
    2650         877 :         group->GN = 1;
    2651         877 :         group->GM = 2;
    2652             : #ifdef CONFIG_IEEE80211W
    2653         877 :         group->GN_igtk = 4;
    2654         877 :         group->GM_igtk = 5;
    2655             : #endif /* CONFIG_IEEE80211W */
    2656             :         /* GTK[GN] = CalcGTK() */
    2657         877 :         wpa_gtk_update(wpa_auth, group);
    2658         877 : }
    2659             : 
    2660             : 
    2661          11 : static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
    2662             : {
    2663          11 :         if (ctx != NULL && ctx != sm->group)
    2664           0 :                 return 0;
    2665             : 
    2666          11 :         if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
    2667           1 :                 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
    2668             :                                 "Not in PTKINITDONE; skip Group Key update");
    2669           1 :                 sm->GUpdateStationKeys = FALSE;
    2670           1 :                 return 0;
    2671             :         }
    2672          10 :         if (sm->GUpdateStationKeys) {
    2673             :                 /*
    2674             :                  * This should not really happen, so add a debug log entry.
    2675             :                  * Since we clear the GKeyDoneStations before the loop, the
    2676             :                  * station needs to be counted here anyway.
    2677             :                  */
    2678           0 :                 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
    2679             :                                 "GUpdateStationKeys was already set when "
    2680             :                                 "marking station for GTK rekeying");
    2681             :         }
    2682             : 
    2683             :         /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
    2684          10 :         if (sm->is_wnmsleep)
    2685           0 :                 return 0;
    2686             : 
    2687          10 :         sm->group->GKeyDoneStations++;
    2688          10 :         sm->GUpdateStationKeys = TRUE;
    2689             : 
    2690          10 :         wpa_sm_step(sm);
    2691          10 :         return 0;
    2692             : }
    2693             : 
    2694             : 
    2695             : #ifdef CONFIG_WNM
    2696             : /* update GTK when exiting WNM-Sleep Mode */
    2697           4 : void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm)
    2698             : {
    2699           4 :         if (sm == NULL || sm->is_wnmsleep)
    2700           7 :                 return;
    2701             : 
    2702           1 :         wpa_group_update_sta(sm, NULL);
    2703             : }
    2704             : 
    2705             : 
    2706          10 : void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
    2707             : {
    2708          10 :         if (sm)
    2709           4 :                 sm->is_wnmsleep = !!flag;
    2710          10 : }
    2711             : 
    2712             : 
    2713           1 : int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
    2714             : {
    2715           1 :         struct wpa_group *gsm = sm->group;
    2716           1 :         u8 *start = pos;
    2717             : 
    2718             :         /*
    2719             :          * GTK subelement:
    2720             :          * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
    2721             :          * Key[5..32]
    2722             :          */
    2723           1 :         *pos++ = WNM_SLEEP_SUBELEM_GTK;
    2724           1 :         *pos++ = 11 + gsm->GTK_len;
    2725             :         /* Key ID in B0-B1 of Key Info */
    2726           1 :         WPA_PUT_LE16(pos, gsm->GN & 0x03);
    2727           1 :         pos += 2;
    2728           1 :         *pos++ = gsm->GTK_len;
    2729           1 :         if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
    2730           0 :                 return 0;
    2731           1 :         pos += 8;
    2732           1 :         os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
    2733           1 :         pos += gsm->GTK_len;
    2734             : 
    2735           1 :         wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
    2736             :                    gsm->GN);
    2737           2 :         wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
    2738           2 :                         gsm->GTK[gsm->GN - 1], gsm->GTK_len);
    2739             : 
    2740           1 :         return pos - start;
    2741             : }
    2742             : 
    2743             : 
    2744             : #ifdef CONFIG_IEEE80211W
    2745           1 : int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
    2746             : {
    2747           1 :         struct wpa_group *gsm = sm->group;
    2748           1 :         u8 *start = pos;
    2749           1 :         size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
    2750             : 
    2751             :         /*
    2752             :          * IGTK subelement:
    2753             :          * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
    2754             :          */
    2755           1 :         *pos++ = WNM_SLEEP_SUBELEM_IGTK;
    2756           1 :         *pos++ = 2 + 6 + len;
    2757           1 :         WPA_PUT_LE16(pos, gsm->GN_igtk);
    2758           1 :         pos += 2;
    2759           1 :         if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
    2760           0 :                 return 0;
    2761           1 :         pos += 6;
    2762             : 
    2763           1 :         os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
    2764           1 :         pos += len;
    2765             : 
    2766           1 :         wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
    2767             :                    gsm->GN_igtk);
    2768           1 :         wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
    2769           1 :                         gsm->IGTK[gsm->GN_igtk - 4], len);
    2770             : 
    2771           1 :         return pos - start;
    2772             : }
    2773             : #endif /* CONFIG_IEEE80211W */
    2774             : #endif /* CONFIG_WNM */
    2775             : 
    2776             : 
    2777          10 : static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
    2778             :                               struct wpa_group *group)
    2779             : {
    2780             :         int tmp;
    2781             : 
    2782          10 :         wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
    2783             :                    "SETKEYS (VLAN-ID %d)", group->vlan_id);
    2784          10 :         group->changed = TRUE;
    2785          10 :         group->wpa_group_state = WPA_GROUP_SETKEYS;
    2786          10 :         group->GTKReKey = FALSE;
    2787          10 :         tmp = group->GM;
    2788          10 :         group->GM = group->GN;
    2789          10 :         group->GN = tmp;
    2790             : #ifdef CONFIG_IEEE80211W
    2791          10 :         tmp = group->GM_igtk;
    2792          10 :         group->GM_igtk = group->GN_igtk;
    2793          10 :         group->GN_igtk = tmp;
    2794             : #endif /* CONFIG_IEEE80211W */
    2795             :         /* "GKeyDoneStations = GNoStations" is done in more robust way by
    2796             :          * counting the STAs that are marked with GUpdateStationKeys instead of
    2797             :          * including all STAs that could be in not-yet-completed state. */
    2798          10 :         wpa_gtk_update(wpa_auth, group);
    2799             : 
    2800          10 :         if (group->GKeyDoneStations) {
    2801           0 :                 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
    2802             :                            "GKeyDoneStations=%d when starting new GTK rekey",
    2803             :                            group->GKeyDoneStations);
    2804           0 :                 group->GKeyDoneStations = 0;
    2805             :         }
    2806          10 :         wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
    2807          10 :         wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
    2808             :                    group->GKeyDoneStations);
    2809          10 : }
    2810             : 
    2811             : 
    2812        1567 : static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
    2813             :                                        struct wpa_group *group)
    2814             : {
    2815        1567 :         int ret = 0;
    2816             : 
    2817        4701 :         if (wpa_auth_set_key(wpa_auth, group->vlan_id,
    2818        1567 :                              wpa_cipher_to_alg(wpa_auth->conf.wpa_group),
    2819             :                              broadcast_ether_addr, group->GN,
    2820        3134 :                              group->GTK[group->GN - 1], group->GTK_len) < 0)
    2821           0 :                 ret = -1;
    2822             : 
    2823             : #ifdef CONFIG_IEEE80211W
    2824        1567 :         if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
    2825             :                 enum wpa_alg alg;
    2826             :                 size_t len;
    2827             : 
    2828         254 :                 alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher);
    2829         254 :                 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
    2830             : 
    2831         508 :                 if (ret == 0 &&
    2832         254 :                     wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
    2833             :                                      broadcast_ether_addr, group->GN_igtk,
    2834         254 :                                      group->IGTK[group->GN_igtk - 4], len) < 0)
    2835           0 :                         ret = -1;
    2836             :         }
    2837             : #endif /* CONFIG_IEEE80211W */
    2838             : 
    2839        1567 :         return ret;
    2840             : }
    2841             : 
    2842             : 
    2843           0 : static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx)
    2844             : {
    2845           0 :         if (sm->group == ctx) {
    2846           0 :                 wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
    2847             :                            " for discconnection due to fatal failure",
    2848           0 :                            MAC2STR(sm->addr));
    2849           0 :                 sm->Disconnect = TRUE;
    2850             :         }
    2851             : 
    2852           0 :         return 0;
    2853             : }
    2854             : 
    2855             : 
    2856           0 : static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
    2857             :                                     struct wpa_group *group)
    2858             : {
    2859           0 :         wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE");
    2860           0 :         group->changed = TRUE;
    2861           0 :         group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
    2862           0 :         wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
    2863           0 : }
    2864             : 
    2865             : 
    2866         886 : static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
    2867             :                                  struct wpa_group *group)
    2868             : {
    2869         886 :         wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
    2870             :                    "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
    2871         886 :         group->changed = TRUE;
    2872         886 :         group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
    2873             : 
    2874         886 :         if (wpa_group_config_group_keys(wpa_auth, group) < 0) {
    2875           0 :                 wpa_group_fatal_failure(wpa_auth, group);
    2876           0 :                 return -1;
    2877             :         }
    2878             : 
    2879         886 :         return 0;
    2880             : }
    2881             : 
    2882             : 
    2883       37955 : static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
    2884             :                               struct wpa_group *group)
    2885             : {
    2886       37955 :         if (group->GInit) {
    2887         877 :                 wpa_group_gtk_init(wpa_auth, group);
    2888       37078 :         } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) {
    2889             :                 /* Do not allow group operations */
    2890       37955 :         } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
    2891         877 :                    group->GTKAuthenticator) {
    2892         877 :                 wpa_group_setkeysdone(wpa_auth, group);
    2893       72373 :         } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
    2894       36172 :                    group->GTKReKey) {
    2895          10 :                 wpa_group_setkeys(wpa_auth, group);
    2896       36191 :         } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
    2897          29 :                 if (group->GKeyDoneStations == 0)
    2898           9 :                         wpa_group_setkeysdone(wpa_auth, group);
    2899          20 :                 else if (group->GTKReKey)
    2900           0 :                         wpa_group_setkeys(wpa_auth, group);
    2901             :         }
    2902       37955 : }
    2903             : 
    2904             : 
    2905       22035 : static int wpa_sm_step(struct wpa_state_machine *sm)
    2906             : {
    2907       22035 :         if (sm == NULL)
    2908           0 :                 return 0;
    2909             : 
    2910       22035 :         if (sm->in_step_loop) {
    2911             :                 /* This should not happen, but if it does, make sure we do not
    2912             :                  * end up freeing the state machine too early by exiting the
    2913             :                  * recursive call. */
    2914          15 :                 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
    2915          15 :                 return 0;
    2916             :         }
    2917             : 
    2918       22020 :         sm->in_step_loop = 1;
    2919             :         do {
    2920       36189 :                 if (sm->pending_deinit)
    2921           0 :                         break;
    2922             : 
    2923       36189 :                 sm->changed = FALSE;
    2924       36189 :                 sm->wpa_auth->group->changed = FALSE;
    2925             : 
    2926       36189 :                 SM_STEP_RUN(WPA_PTK);
    2927       36189 :                 if (sm->pending_deinit)
    2928           0 :                         break;
    2929       36189 :                 SM_STEP_RUN(WPA_PTK_GROUP);
    2930       36189 :                 if (sm->pending_deinit)
    2931           0 :                         break;
    2932       36189 :                 wpa_group_sm_step(sm->wpa_auth, sm->group);
    2933       36189 :         } while (sm->changed || sm->wpa_auth->group->changed);
    2934       22020 :         sm->in_step_loop = 0;
    2935             : 
    2936       22020 :         if (sm->pending_deinit) {
    2937           0 :                 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
    2938           0 :                            "machine deinit for " MACSTR, MAC2STR(sm->addr));
    2939           0 :                 wpa_free_sta_sm(sm);
    2940           0 :                 return 1;
    2941             :         }
    2942       22020 :         return 0;
    2943             : }
    2944             : 
    2945             : 
    2946       12863 : static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
    2947             : {
    2948       12863 :         struct wpa_state_machine *sm = eloop_ctx;
    2949       12863 :         wpa_sm_step(sm);
    2950       12863 : }
    2951             : 
    2952             : 
    2953       15518 : void wpa_auth_sm_notify(struct wpa_state_machine *sm)
    2954             : {
    2955       15518 :         if (sm == NULL)
    2956       18111 :                 return;
    2957       12925 :         eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
    2958             : }
    2959             : 
    2960             : 
    2961           3 : void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
    2962             : {
    2963             :         int tmp, i;
    2964             :         struct wpa_group *group;
    2965             : 
    2966           3 :         if (wpa_auth == NULL)
    2967           3 :                 return;
    2968             : 
    2969           3 :         group = wpa_auth->group;
    2970             : 
    2971           9 :         for (i = 0; i < 2; i++) {
    2972           6 :                 tmp = group->GM;
    2973           6 :                 group->GM = group->GN;
    2974           6 :                 group->GN = tmp;
    2975             : #ifdef CONFIG_IEEE80211W
    2976           6 :                 tmp = group->GM_igtk;
    2977           6 :                 group->GM_igtk = group->GN_igtk;
    2978           6 :                 group->GN_igtk = tmp;
    2979             : #endif /* CONFIG_IEEE80211W */
    2980           6 :                 wpa_gtk_update(wpa_auth, group);
    2981           6 :                 wpa_group_config_group_keys(wpa_auth, group);
    2982             :         }
    2983             : }
    2984             : 
    2985             : 
    2986          24 : static const char * wpa_bool_txt(int bool)
    2987             : {
    2988          24 :         return bool ? "TRUE" : "FALSE";
    2989             : }
    2990             : 
    2991             : 
    2992             : #define RSN_SUITE "%02x-%02x-%02x-%d"
    2993             : #define RSN_SUITE_ARG(s) \
    2994             : ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
    2995             : 
    2996           8 : int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
    2997             : {
    2998           8 :         int len = 0, ret;
    2999             :         char pmkid_txt[PMKID_LEN * 2 + 1];
    3000             : #ifdef CONFIG_RSN_PREAUTH
    3001           8 :         const int preauth = 1;
    3002             : #else /* CONFIG_RSN_PREAUTH */
    3003           0 :         const int preauth = 0;
    3004             : #endif /* CONFIG_RSN_PREAUTH */
    3005             : 
    3006           8 :         if (wpa_auth == NULL)
    3007           0 :                 return len;
    3008             : 
    3009          16 :         ret = os_snprintf(buf + len, buflen - len,
    3010             :                           "dot11RSNAOptionImplemented=TRUE\n"
    3011             :                           "dot11RSNAPreauthenticationImplemented=%s\n"
    3012             :                           "dot11RSNAEnabled=%s\n"
    3013             :                           "dot11RSNAPreauthenticationEnabled=%s\n",
    3014             :                           wpa_bool_txt(preauth),
    3015           8 :                           wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
    3016             :                           wpa_bool_txt(wpa_auth->conf.rsn_preauth));
    3017           8 :         if (os_snprintf_error(buflen - len, ret))
    3018           0 :                 return len;
    3019           8 :         len += ret;
    3020             : 
    3021           8 :         wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
    3022           8 :                          wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
    3023             : 
    3024         216 :         ret = os_snprintf(
    3025             :                 buf + len, buflen - len,
    3026             :                 "dot11RSNAConfigVersion=%u\n"
    3027             :                 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
    3028             :                 /* FIX: dot11RSNAConfigGroupCipher */
    3029             :                 /* FIX: dot11RSNAConfigGroupRekeyMethod */
    3030             :                 /* FIX: dot11RSNAConfigGroupRekeyTime */
    3031             :                 /* FIX: dot11RSNAConfigGroupRekeyPackets */
    3032             :                 "dot11RSNAConfigGroupRekeyStrict=%u\n"
    3033             :                 "dot11RSNAConfigGroupUpdateCount=%u\n"
    3034             :                 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
    3035             :                 "dot11RSNAConfigGroupCipherSize=%u\n"
    3036             :                 "dot11RSNAConfigPMKLifetime=%u\n"
    3037             :                 "dot11RSNAConfigPMKReauthThreshold=%u\n"
    3038             :                 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
    3039             :                 "dot11RSNAConfigSATimeout=%u\n"
    3040             :                 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
    3041             :                 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
    3042             :                 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
    3043             :                 "dot11RSNAPMKIDUsed=%s\n"
    3044             :                 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
    3045             :                 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
    3046             :                 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
    3047             :                 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
    3048             :                 "dot11RSNA4WayHandshakeFailures=%u\n"
    3049             :                 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
    3050             :                 RSN_VERSION,
    3051           8 :                 !!wpa_auth->conf.wpa_strict_rekey,
    3052             :                 dot11RSNAConfigGroupUpdateCount,
    3053             :                 dot11RSNAConfigPairwiseUpdateCount,
    3054           8 :                 wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8,
    3055             :                 dot11RSNAConfigPMKLifetime,
    3056             :                 dot11RSNAConfigPMKReauthThreshold,
    3057             :                 dot11RSNAConfigSATimeout,
    3058          32 :                 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
    3059          32 :                 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
    3060          32 :                 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
    3061             :                 pmkid_txt,
    3062          32 :                 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
    3063          32 :                 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
    3064          32 :                 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
    3065             :                 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
    3066             :                 wpa_auth->dot11RSNA4WayHandshakeFailures);
    3067           8 :         if (os_snprintf_error(buflen - len, ret))
    3068           0 :                 return len;
    3069           8 :         len += ret;
    3070             : 
    3071             :         /* TODO: dot11RSNAConfigPairwiseCiphersTable */
    3072             :         /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
    3073             : 
    3074             :         /* Private MIB */
    3075           8 :         ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
    3076           8 :                           wpa_auth->group->wpa_group_state);
    3077           8 :         if (os_snprintf_error(buflen - len, ret))
    3078           0 :                 return len;
    3079           8 :         len += ret;
    3080             : 
    3081           8 :         return len;
    3082             : }
    3083             : 
    3084             : 
    3085          50 : int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
    3086             : {
    3087          50 :         int len = 0, ret;
    3088          50 :         u32 pairwise = 0;
    3089             : 
    3090          50 :         if (sm == NULL)
    3091          30 :                 return 0;
    3092             : 
    3093             :         /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
    3094             : 
    3095             :         /* dot11RSNAStatsEntry */
    3096             : 
    3097          20 :         pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ?
    3098             :                                        WPA_PROTO_RSN : WPA_PROTO_WPA,
    3099             :                                        sm->pairwise);
    3100          20 :         if (pairwise == 0)
    3101           0 :                 return 0;
    3102             : 
    3103         180 :         ret = os_snprintf(
    3104             :                 buf + len, buflen - len,
    3105             :                 /* TODO: dot11RSNAStatsIndex */
    3106             :                 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
    3107             :                 "dot11RSNAStatsVersion=1\n"
    3108             :                 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
    3109             :                 /* TODO: dot11RSNAStatsTKIPICVErrors */
    3110             :                 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
    3111             :                 "dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
    3112             :                 /* TODO: dot11RSNAStatsCCMPReplays */
    3113             :                 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
    3114             :                 /* TODO: dot11RSNAStatsTKIPReplays */,
    3115         120 :                 MAC2STR(sm->addr),
    3116          40 :                 RSN_SUITE_ARG(pairwise),
    3117             :                 sm->dot11RSNAStatsTKIPLocalMICFailures,
    3118             :                 sm->dot11RSNAStatsTKIPRemoteMICFailures);
    3119          20 :         if (os_snprintf_error(buflen - len, ret))
    3120           0 :                 return len;
    3121          20 :         len += ret;
    3122             : 
    3123             :         /* Private MIB */
    3124          20 :         ret = os_snprintf(buf + len, buflen - len,
    3125             :                           "hostapdWPAPTKState=%d\n"
    3126             :                           "hostapdWPAPTKGroupState=%d\n",
    3127          20 :                           sm->wpa_ptk_state,
    3128          20 :                           sm->wpa_ptk_group_state);
    3129          20 :         if (os_snprintf_error(buflen - len, ret))
    3130           0 :                 return len;
    3131          20 :         len += ret;
    3132             : 
    3133          20 :         return len;
    3134             : }
    3135             : 
    3136             : 
    3137           3 : void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
    3138             : {
    3139           3 :         if (wpa_auth)
    3140           3 :                 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
    3141           3 : }
    3142             : 
    3143             : 
    3144        6561 : int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
    3145             : {
    3146        6561 :         return sm && sm->pairwise_set;
    3147             : }
    3148             : 
    3149             : 
    3150        5446 : int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
    3151             : {
    3152        5446 :         return sm->pairwise;
    3153             : }
    3154             : 
    3155             : 
    3156       10304 : int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
    3157             : {
    3158       10304 :         if (sm == NULL)
    3159        1952 :                 return -1;
    3160        8352 :         return sm->wpa_key_mgmt;
    3161             : }
    3162             : 
    3163             : 
    3164        3614 : int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
    3165             : {
    3166        3614 :         if (sm == NULL)
    3167           0 :                 return 0;
    3168        3614 :         return sm->wpa;
    3169             : }
    3170             : 
    3171             : 
    3172           1 : int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
    3173             :                              struct rsn_pmksa_cache_entry *entry)
    3174             : {
    3175           1 :         if (sm == NULL || sm->pmksa != entry)
    3176           0 :                 return -1;
    3177           1 :         sm->pmksa = NULL;
    3178           1 :         return 0;
    3179             : }
    3180             : 
    3181             : 
    3182             : struct rsn_pmksa_cache_entry *
    3183        2284 : wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
    3184             : {
    3185        2284 :         return sm ? sm->pmksa : NULL;
    3186             : }
    3187             : 
    3188             : 
    3189           2 : void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
    3190             : {
    3191           2 :         if (sm)
    3192           2 :                 sm->dot11RSNAStatsTKIPLocalMICFailures++;
    3193           2 : }
    3194             : 
    3195             : 
    3196        5928 : const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
    3197             : {
    3198        5928 :         if (wpa_auth == NULL)
    3199        1212 :                 return NULL;
    3200        4716 :         *len = wpa_auth->wpa_ie_len;
    3201        4716 :         return wpa_auth->wpa_ie;
    3202             : }
    3203             : 
    3204             : 
    3205         605 : int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
    3206             :                        int session_timeout, struct eapol_state_machine *eapol)
    3207             : {
    3208        1199 :         if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
    3209         594 :             sm->wpa_auth->conf.disable_pmksa_caching)
    3210          52 :                 return -1;
    3211             : 
    3212        1659 :         if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
    3213         553 :                                  sm->PTK.kck, sm->PTK.kck_len,
    3214         553 :                                  sm->wpa_auth->addr, sm->addr, session_timeout,
    3215             :                                  eapol, sm->wpa_key_mgmt))
    3216         552 :                 return 0;
    3217             : 
    3218           1 :         return -1;
    3219             : }
    3220             : 
    3221             : 
    3222           2 : int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
    3223             :                                const u8 *pmk, size_t len, const u8 *sta_addr,
    3224             :                                int session_timeout,
    3225             :                                struct eapol_state_machine *eapol)
    3226             : {
    3227           2 :         if (wpa_auth == NULL)
    3228           0 :                 return -1;
    3229             : 
    3230           2 :         if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len,
    3231             :                                  NULL, 0,
    3232           2 :                                  wpa_auth->addr,
    3233             :                                  sta_addr, session_timeout, eapol,
    3234             :                                  WPA_KEY_MGMT_IEEE8021X))
    3235           2 :                 return 0;
    3236             : 
    3237           0 :         return -1;
    3238             : }
    3239             : 
    3240             : 
    3241          33 : int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
    3242             :                            const u8 *pmk)
    3243             : {
    3244          33 :         if (wpa_auth->conf.disable_pmksa_caching)
    3245           2 :                 return -1;
    3246             : 
    3247          31 :         if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN,
    3248             :                                  NULL, 0,
    3249          31 :                                  wpa_auth->addr, addr, 0, NULL,
    3250             :                                  WPA_KEY_MGMT_SAE))
    3251          31 :                 return 0;
    3252             : 
    3253           0 :         return -1;
    3254             : }
    3255             : 
    3256             : 
    3257          10 : void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
    3258             :                            const u8 *sta_addr)
    3259             : {
    3260             :         struct rsn_pmksa_cache_entry *pmksa;
    3261             : 
    3262          10 :         if (wpa_auth == NULL || wpa_auth->pmksa == NULL)
    3263          12 :                 return;
    3264           8 :         pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
    3265           8 :         if (pmksa) {
    3266          42 :                 wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for "
    3267          42 :                            MACSTR " based on request", MAC2STR(sta_addr));
    3268           7 :                 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
    3269             :         }
    3270             : }
    3271             : 
    3272             : 
    3273             : static struct wpa_group *
    3274           8 : wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
    3275             : {
    3276             :         struct wpa_group *group;
    3277             : 
    3278           8 :         if (wpa_auth == NULL || wpa_auth->group == NULL)
    3279           0 :                 return NULL;
    3280             : 
    3281           8 :         wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
    3282             :                    vlan_id);
    3283           8 :         group = wpa_group_init(wpa_auth, vlan_id, 0);
    3284           8 :         if (group == NULL)
    3285           0 :                 return NULL;
    3286             : 
    3287           8 :         group->next = wpa_auth->group->next;
    3288           8 :         wpa_auth->group->next = group;
    3289             : 
    3290           8 :         return group;
    3291             : }
    3292             : 
    3293             : 
    3294          14 : int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
    3295             : {
    3296             :         struct wpa_group *group;
    3297             : 
    3298          14 :         if (sm == NULL || sm->wpa_auth == NULL)
    3299           6 :                 return 0;
    3300             : 
    3301           8 :         group = sm->wpa_auth->group;
    3302          29 :         while (group) {
    3303          13 :                 if (group->vlan_id == vlan_id)
    3304           0 :                         break;
    3305          13 :                 group = group->next;
    3306             :         }
    3307             : 
    3308           8 :         if (group == NULL) {
    3309           8 :                 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
    3310           8 :                 if (group == NULL)
    3311           0 :                         return -1;
    3312             :         }
    3313             : 
    3314           8 :         if (sm->group == group)
    3315           0 :                 return 0;
    3316             : 
    3317           8 :         if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
    3318           0 :                 return -1;
    3319             : 
    3320          48 :         wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
    3321          48 :                    "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
    3322             : 
    3323           8 :         sm->group = group;
    3324           8 :         return 0;
    3325             : }
    3326             : 
    3327             : 
    3328        2205 : void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
    3329             :                                   struct wpa_state_machine *sm, int ack)
    3330             : {
    3331        2205 :         if (wpa_auth == NULL || sm == NULL)
    3332        2205 :                 return;
    3333       13230 :         wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
    3334       13230 :                    " ack=%d", MAC2STR(sm->addr), ack);
    3335        2205 :         if (sm->pending_1_of_4_timeout && ack) {
    3336             :                 /*
    3337             :                  * Some deployed supplicant implementations update their SNonce
    3338             :                  * for each EAPOL-Key 2/4 message even within the same 4-way
    3339             :                  * handshake and then fail to use the first SNonce when
    3340             :                  * deriving the PTK. This results in unsuccessful 4-way
    3341             :                  * handshake whenever the relatively short initial timeout is
    3342             :                  * reached and EAPOL-Key 1/4 is retransmitted. Try to work
    3343             :                  * around this by increasing the timeout now that we know that
    3344             :                  * the station has received the frame.
    3345             :                  */
    3346        1075 :                 int timeout_ms = eapol_key_timeout_subseq;
    3347        1075 :                 wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
    3348             :                            "timeout by %u ms because of acknowledged frame",
    3349             :                            timeout_ms);
    3350        1075 :                 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
    3351        1075 :                 eloop_register_timeout(timeout_ms / 1000,
    3352        1075 :                                        (timeout_ms % 1000) * 1000,
    3353             :                                        wpa_send_eapol_timeout, wpa_auth, sm);
    3354             :         }
    3355             : }
    3356             : 
    3357             : 
    3358        3704 : int wpa_auth_uses_sae(struct wpa_state_machine *sm)
    3359             : {
    3360        3704 :         if (sm == NULL)
    3361           0 :                 return 0;
    3362        3704 :         return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
    3363             : }
    3364             : 
    3365             : 
    3366           4 : int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm)
    3367             : {
    3368           4 :         if (sm == NULL)
    3369           0 :                 return 0;
    3370           4 :         return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE;
    3371             : }
    3372             : 
    3373             : 
    3374             : #ifdef CONFIG_P2P
    3375         206 : int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr)
    3376             : {
    3377         206 :         if (sm == NULL || WPA_GET_BE32(sm->ip_addr) == 0)
    3378         121 :                 return -1;
    3379          85 :         os_memcpy(addr, sm->ip_addr, 4);
    3380          85 :         return 0;
    3381             : }
    3382             : #endif /* CONFIG_P2P */
    3383             : 
    3384             : 
    3385          13 : int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
    3386             :                                          struct radius_das_attrs *attr)
    3387             : {
    3388          13 :         return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr);
    3389             : }

Generated by: LCOV version 1.10